This page aggregates publicly disclosed CVE and security risk information related to snowplow, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-56528 | This vulnerability affects Snowplow Collector 3.x before 3.3.0 (unless it’s set up behind a reverse proxy that establishes payload limits). It involves sending very large payloads to the Collector and can render it unresponsive to the rest of the requests. As a result, data would not enter the pipeline and would be potentially lost. | [email protected] | 7.5 | 0.59% | 2025-04-03 | 2025-04-15 |
| CVE-2024-47217 | An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47214, but involves an authenticated endpoint. It can render Iglu Server completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt. | [email protected] | 6.5 | 0.51% | 2025-04-03 | 2025-04-08 |
| CVE-2024-47215 | An issue was discovered in Snowbridge setups sending data to Google Tag Manager Server Side. It involves attaching an invalid GTM SS preview header to events, causing them to be retried indefinitely. As a result, the performance of forwarding events to GTM SS overall can be affected (latency, throughput). | [email protected] | 7.5 | 0.64% | 2025-04-03 | 2025-04-23 |
| CVE-2024-47214 | An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47212, but involves a different kind of malicious payload. As above, it can render Iglu Server completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt. | [email protected] | 7.5 | 0.61% | 2025-04-03 | 2025-04-10 |
| CVE-2024-47213 | An issue was discovered affecting Enrich 5.1.0 and below. It involves sending a maliciously crafted Snowplow event to the pipeline. Upon receiving this event and trying to validate it, Enrich crashes and attempts to restart indefinitely. As a result, event processing would be halted. | [email protected] | 7.5 | 0.64% | 2025-04-03 | 2025-04-23 |
| CVE-2024-47212 | An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt. | [email protected] | 7.5 | 0.61% | 2025-04-03 | 2025-04-08 |