CVE-2024-56528

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-56528

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56528.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-56528

Published

2025-04-03T21:15:39.100Z

Modified

2026-04-10T05:19:50.606855Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

This vulnerability affects Snowplow Collector 3.x before 3.3.0 (unless it’s set up behind a reverse proxy that establishes payload limits). It involves sending very large payloads to the Collector and can render it unresponsive to the rest of the requests. As a result, data would not enter the pipeline and would be potentially lost.

References

https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

Affected packages

Git / github.com/snowplow/stream-collector

Affected ranges

Type

GIT

Repo

https://github.com/snowplow/stream-collector

Events

Introduced

3ebed61774ca9abbf1466e84847f2b92892aca16

Fixed

e40fc7572b750eb69a554b8e0e31787bca2fc514

Database specific

{
    "versions": [
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.3.0"
        }
    ]
}

Affected versions

3.*

3.0.0

3.0.0-rc27

3.0.1

3.1.0

3.1.1

3.1.2

3.2.0

3.2.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56528.json"