CVE-2024-56528

High CVSS: 7.5

This vulnerability affects Snowplow Collector 3.x before 3.3.0 (unless it’s set up behind a reverse proxy that establishes payload limits). It involves sending very large payloads to the Collector and can render it unresponsive to the rest of the requests. As a result, data would not enter the pipeline and would be potentially lost.

Vendor

Snowplow

Product

Stream Collector

CWE

CWE-400

Yayın Tarihi

2025-04-03 21:15:39

Güncelleme

2025-04-15 19:29:19

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-400 Stream Collector HIGH Snowplow 2025

Referanslar

https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

Benzer Kayıtlar

High

CVE-2024-47212

An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API end…

High

CVE-2024-47213

An issue was discovered affecting Enrich 5.1.0 and below. It involves sending a maliciously crafted Snowplow event to th…

High

CVE-2024-47214

An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47212, but involves a different kind…

High

CVE-2024-47215

An issue was discovered in Snowbridge setups sending data to Google Tag Manager Server Side. It involves attaching an in…

Medium

CVE-2024-47217

An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47214, but involves an authenticated…