CVE-2024-47213

High CVSS: 7.5

An issue was discovered affecting Enrich 5.1.0 and below. It involves sending a maliciously crafted Snowplow event to the pipeline. Upon receiving this event and trying to validate it, Enrich crashes and attempts to restart indefinitely. As a result, event processing would be halted.

Vendor

Snowplow

Product

Enrich

CWE

CWE-404

Yayın Tarihi

2025-04-03 21:15:38

Güncelleme

2025-04-23 14:58:27

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-404 Enrich HIGH Snowplow 2025

Referanslar

https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

Benzer Kayıtlar

High

CVE-2024-56528

This vulnerability affects Snowplow Collector 3.x before 3.3.0 (unless it’s set up behind a reverse proxy that establish…

High

CVE-2024-47212

An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API end…

High

CVE-2024-47214

An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47212, but involves a different kind…

High

CVE-2024-47215

An issue was discovered in Snowbridge setups sending data to Google Tag Manager Server Side. It involves attaching an in…

Medium

CVE-2024-47217

An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47214, but involves an authenticated…