CVE-2024-47214

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-47214

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47214.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-47214

Published

2025-04-03T21:15:38.760Z

Modified

2025-11-20T12:30:17.547430Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47212, but involves a different kind of malicious payload. As above, it can render Iglu Server completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt.

References

https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

Affected packages

Git / github.com/snowplow/iglu-server

Affected ranges

Type: GIT
Repo: https://github.com/snowplow/iglu-server
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

bf55b6a92533de636d2e57a52ffc1c68d863c4ae

Affected versions

0.*

0.10.0

0.10.0-rc1

0.10.0-rc2

0.10.1

0.10.1-rc1

0.10.1-rc3

0.11.0

0.12.0

0.12.1

0.13.0

0.2.0

0.3.0

0.4.0

0.5.0

0.6.0

0.6.1

0.6.2

0.7.0

0.8.0

0.8.1

0.8.1-rc1

0.8.2

0.8.2-rc2

0.8.3

0.8.4

0.8.4-rc1

0.8.5

0.8.6

0.8.7

0.9.0

0.9.1