Lucene search
K

5 matches found

OSV
OSV
added 2026/06/25 6:40 p.m.2 views

GHSA-W9WP-H8WV-79JX opentelemetry_sdk has unbounded memory allocation in W3C Baggage propagation

Summary BaggagePropagator::extractwithcontext in opentelemetrysdk did not enforce the W3C Baggage size limits before parsing an inbound baggage header. A large attacker-controlled header could cause unnecessary CPU work and short-lived heap allocations while parsing entries that would later be...

5.3CVSS5.9AI score0.00096EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 8:38 p.m.9 views

OpenTelemetry Core: Unbounded memory allocation in W3C Baggage propagation

Overview W3CBaggagePropagator.extract in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were only enforced on the outbound inject path, not on the inbound...

5.3CVSS5.5AI score0.00238EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/15 8:38 p.m.8 views

GHSA-8988-4F7V-96QF OpenTelemetry Core: Unbounded memory allocation in W3C Baggage propagation

Overview W3CBaggagePropagator.extract in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were only enforced on the outbound inject path, not on the inbound...

5.3CVSS5.6AI score0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49598

Name of the Vulnerable Software and Affected Versions @opentelemetry/core versions prior to 2.8.0 Description The W3CBaggagePropagator.extract function in @opentelemetry/core fails to enforce size limits when parsing inbound baggage HTTP headers. While the W3C Baggage specification recommends a...

5.3CVSS5.7AI score0.00238EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.20 views

PT-2026-41161

Name of the Vulnerable Software and Affected Versions opentelemetry-java versions prior to 1.62.0 Description A flaw in the baggage propagation implementation within opentelemetry-api and opentelemetry-extension-trace-propagators allows for unbounded memory allocation and CPU consumption when...

7.5CVSS5.8AI score0.00791EPSS
Exploits0References16
Rows per page
Query Builder