Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-47213

An issue was discovered affecting Enrich 5.1.0 and below. It involves sending a maliciously crafted Snowplow event to the pipeline. Upon receiving this event and trying to validate it, Enrich crashes and attempts to restart indefinitely. As a result, event processing would be halted.

Published

2025-04-03T21:15:38.647

Last Modified

2025-04-23T14:58:27.637

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-404

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	snowplow	enrich	< 5.1.1	Yes

References

https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users Release Notes, Vendor Advisory ([email protected])