Third-Party Package Updates in Snowflake App - April 2025
Advisory ID: SVD-2025-0411
CVE ID: Multiple
Published: 2025-04-09
Last Update: 2025-04-09
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Snowflake App version 1.1.4 and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| curl1 | Package Removed | Multiple | High |
1 Snowflake removed the curl in snowflake/wheels/py39/snowflake_connector_python-3.1.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64/snowflake/connector folder to remedy multiple CVE’s
Solution
Upgrade Snowflake to version 1.1.4 or higher.
Product Status
| Product | Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Snowflake | 1.1.4 | Below 1.1.4 | 1.1.4 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.