CVE-2024-56528

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-56528

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56528.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-56528

Published

2025-04-03T21:15:39Z

Modified

2025-04-17T04:02:02.628416Z

Summary

[none]

Details

This vulnerability affects Snowplow Collector 3.x before 3.3.0 (unless it’s set up behind a reverse proxy that establishes payload limits). It involves sending very large payloads to the Collector and can render it unresponsive to the rest of the requests. As a result, data would not enter the pipeline and would be potentially lost.

References

https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

Affected packages

Git / github.com/snowplow/stream-collector

Affected ranges

Type: GIT
Repo: https://github.com/snowplow/stream-collector
Events: Introduced

3ebed61774ca9abbf1466e84847f2b92892aca16

Fixed

e40fc7572b750eb69a554b8e0e31787bca2fc514

Affected versions

3.*

3.0.0

3.0.0-rc27

3.0.1

3.1.0

3.1.1

3.1.2

3.2.0

3.2.1