exploitDog

CVE-2024-47213

Опубликовано: 03 апр. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

An issue was discovered affecting Enrich 5.1.0 and below. It involves sending a maliciously crafted Snowplow event to the pipeline. Upon receiving this event and trying to validate it, Enrich crashes and attempts to restart indefinitely. As a result, event processing would be halted.

Ссылки

https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:snowplow:enrich:*:*:*:*:*:*:*:*

Версия до 5.1.1 (исключая)

EPSS

Процентиль: 29%

0.00102

Низкий

7.5 High

CVSS3

Дефекты

CWE-404

Связанные уязвимости

GHSA-fv89-7wfw-xmjg

CVSS3: 7.5

github

10 месяцев назад

An issue was discovered affecting Enrich 5.1.0 and below. It involves sending a maliciously crafted Snowplow event to the pipeline. Upon receiving this event and trying to validate it, Enrich crashes and attempts to restart indefinitely. As a result, event processing would be halted.

EPSS

Процентиль: 29%

0.00102

Низкий

7.5 High

CVSS3

Дефекты

CWE-404