{"id":"CVE-2024-56528","details":"This vulnerability affects Snowplow Collector 3.x before 3.3.0 (unless it’s set up behind a reverse proxy that establishes payload limits). It involves sending very large payloads to the Collector and can render it unresponsive to the rest of the requests. As a result, data would not enter the pipeline and would be potentially lost.","modified":"2026-04-10T05:19:50.606855Z","published":"2025-04-03T21:15:39.100Z","references":[{"type":"FIX","url":"https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/snowplow/stream-collector","events":[{"introduced":"3ebed61774ca9abbf1466e84847f2b92892aca16"},{"fixed":"e40fc7572b750eb69a554b8e0e31787bca2fc514"}],"database_specific":{"versions":[{"introduced":"3.0.0"},{"fixed":"3.3.0"}]}}],"versions":["3.0.0","3.0.0-rc27","3.0.1","3.1.0","3.1.1","3.1.2","3.2.0","3.2.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56528.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}