CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-56528

This vulnerability affects Snowplow Collector 3.x before 3.3.0 (unless it’s set up behind a reverse proxy that establishes payload limits). It involves sending very large payloads to the Collector and can render it unresponsive to the rest of the requests. As a result, data would not enter the pipeline and would be potentially lost.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.4%

CVSS Severity

CVSS v3 Score 7.5

References

https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

Products affected by CVE-2024-56528

Snowplow » Stream Collector » Version: 3.0.0

cpe:2.3:a:snowplow:stream_collector:3.0.0
Snowplow » Stream Collector » Version: 3.0.1

cpe:2.3:a:snowplow:stream_collector:3.0.1
Snowplow » Stream Collector » Version: 3.1.0

cpe:2.3:a:snowplow:stream_collector:3.1.0
Snowplow » Stream Collector » Version: 3.1.1

cpe:2.3:a:snowplow:stream_collector:3.1.1
Snowplow » Stream Collector » Version: 3.1.2

cpe:2.3:a:snowplow:stream_collector:3.1.2
Snowplow » Stream Collector » Version: 3.2.0

cpe:2.3:a:snowplow:stream_collector:3.2.0
Snowplow » Stream Collector » Version: 3.2.1

cpe:2.3:a:snowplow:stream_collector:3.2.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-56528

Products

Pricing

Contact Us