CVE-2023-34233 (snowflake_connector)

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-on(SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to …

applications authentication browser command command injection connect connector cve exploit injection interface malicious operations order python sign single single sign-on snowflake sso standard url vulnerable