Snowplow Enrich Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Snowplow Enrich versions through 5.1.0. The issue arises when a maliciously crafted Snowplow event is sent to the pipeline. The Enrich process crashes while validating the event and then attempts to restart indefinitely, disrupting event processing.

Impact

Exploitation of this vulnerability causes the Enrich process to crash and restart repeatedly, halting event processing in the pipeline.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.7
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.