Lucene search
K

16 matches found

NVD
NVD
added 2026/06/22 6:16 p.m.11 views

CVE-2026-54285

opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 2.8.0, W3CBaggagePropagator.extract in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were...

5.3CVSS0.00238EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 4:52 p.m.40 views

CVE-2026-54285

Opentelemetry-js (OpenTelemetry JavaScript client) is affected by CVE-2026-54285 through the W3CBaggagePropagator.extract() path in @opentelemetry/core prior to 2.8.0, where inbound baggage headers were not capped and could trigger memory allocation proportional to header size. The issue is fixed...

5.3CVSS5.9AI score0.00238EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 4:52 p.m.31 views

CVE-2026-54285 opentelemetry-js: Unbounded memory allocation in W3C Baggage propagation

opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 2.8.0, W3CBaggagePropagator.extract in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were...

5.3CVSS0.00238EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49598

Name of the Vulnerable Software and Affected Versions @opentelemetry/core versions prior to 2.8.0 Description The W3CBaggagePropagator.extract function in @opentelemetry/core fails to enforce size limits when parsing inbound baggage HTTP headers. While the W3C Baggage specification recommends a...

5.3CVSS5.7AI score0.00238EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.11 views

CVE-2026-40894

OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators...

5.3CVSS5.5AI score0.00458EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 2:38 p.m.38 views

CVE-2026-41178 OpenTelemetry-Go's baggage parsing no longer caps raw header length

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Versions 1.42.0 and 1.44.0 fix the issue...

5.3CVSS0.00237EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 2:38 p.m.57 views

CVE-2026-41178

CVE-2026-41178 affects OpenTelemetry-Go baggage parsing. The issue arises from removal of raw-length rejection in baggage header parsing, causing Parse to fully process very large or invalid baggage headers and log errors, enabling potential DoS via CPU/memory and log amplification. Concrete deta...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 2:38 p.m.9 views

CVE-2026-41178 OpenTelemetry-Go's baggage parsing no longer caps raw header length

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Versions 1.42.0 and 1.44.0 fix the issue...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:37 p.m.11 views

CVE-2026-45292

opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators...

5.3CVSS5.8AI score0.00686EPSS
Exploits0References5Affected Software3
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.10 views

PT-2026-44723

Name of the Vulnerable Software and Affected Versions OpenTelemetry Go affected versions not specified Description A denial-of-service issue exists due to the removal of raw-length rejection during baggage header parsing. The Parse function processes arbitrarily large or invalid baggage headers a...

5.3CVSS5.9AI score0.00237EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

OpenTelemetry 安全漏洞

OpenTelemetry is an open-source, vendor-neutral, open-source observability framework developed by OpenTelemetry. Versions of OpenTelemetry prior to 1.62.0 contained a security vulnerability. This vulnerability stemmed from the parsing of excessively large baggage, leading to unlimited memory...

5.3CVSS5.8AI score0.00686EPSS
Exploits0References4
OSV
OSV
added 2026/05/14 4:36 p.m.8 views

GHSA-RCGG-9C38-7XPX OpenTelemetry Java SDK has Unbounded Memory Allocation in W3C Baggage Propagation

Overview A vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators. Parsing oversized baggage causes unbounded memory allocation and CPU consumption. Because baggage is automatically re-injected into every outgoing request, t...

5.3CVSS5.9AI score0.00686EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.20 views

PT-2026-41161

Name of the Vulnerable Software and Affected Versions opentelemetry-java versions prior to 1.62.0 Description A flaw in the baggage propagation implementation within opentelemetry-api and opentelemetry-extension-trace-propagators allows for unbounded memory allocation and CPU consumption when...

7.5CVSS5.8AI score0.00686EPSS
Exploits0References16
EUVD
EUVD
added 2026/04/23 9:43 p.m.9 views

EUVD-2026-25269

OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers...

5.3CVSS5.7AI score0.00458EPSS
Exploits0References9
NVD
NVD
added 2026/04/23 7:17 p.m.8 views

CVE-2026-40894

OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators...

5.3CVSS0.00458EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.5 views

PT-2026-34720

Name of the Vulnerable Software and Affected Versions OpenTelemetry.Api versions 0.5.0-beta.2 through 1.15.2 OpenTelemetry.Extensions.Propagators versions 1.3.1 through 1.15.2 Description Implementation details of the baggage, B3, and Jaeger processing code in the OpenTelemetry.Api and...

5.3CVSS5.2AI score0.00458EPSS
Exploits0References16
Rows per page
Query Builder