Lucene search
+L

150 matches found

NVD
NVD
added 2026/04/07 9:17 p.m.10 views

CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

7.5CVSS0.00435EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/04/07 9:17 p.m.4 views

CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

7.5CVSS5.9AI score0.00435EPSS
Exploits1References2
OSV
OSV
added 2026/04/07 9:17 p.m.7 views

UBUNTU-CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

7.5CVSS5.8AI score0.00435EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/07 8:29 p.m.44 views

CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

7.5CVSS0.00435EPSS
Exploits1References1
OSV
OSV
added 2026/04/07 8:29 p.m.1 views

CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

7.5CVSS6AI score0.00435EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/04/07 8:29 p.m.5 views

CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

7.5CVSS5.9AI score0.00435EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/07 8:29 p.m.2 views

CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

7.5CVSS5.9AI score0.00435EPSS
Exploits1References1
CVE
CVE
added 2026/04/07 8:29 p.m.62 views

CVE-2026-29181

OpenTelemetry-Go (Go implementation) has a vulnerability in multi-value baggage header extraction: from versions 1.36.0 through 1.40.0, parsing each header field-value independently causes aggregation of members across values, enabling an attacker to trigger excessive CPU and memory allocations a...

7.5CVSS5.9AI score0.00435EPSS
Exploits1References5Affected Software1
Debian CVE
Debian CVE
added 2026/04/07 8:29 p.m.45 views

CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

7.5CVSS5.2AI score0.00435EPSS
Exploits1
EUVD
EUVD
added 2026/04/07 8:12 p.m.9 views

EUVD-2026-19938

OpenTelemetry-Go: multi-value baggage header extraction causes excessive allocations remote dos amplification...

7.5CVSS5.9AI score0.00435EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/07 8:12 p.m.8 views

OpenTelemetry-Go: multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)

multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. this allows an attacker to amplify cpu and allocations by sending many baggage: header lines, even when each individual value is within the 8192-byte per-value parse limit...

7.5CVSS6AI score0.00435EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/04/07 8:12 p.m.11 views

GHSA-MH2Q-Q3FH-2475 OpenTelemetry-Go: multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)

multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. this allows an attacker to amplify cpu and allocations by sending many baggage: header lines, even when each individual value is within the 8192-byte per-value parse limit...

7.5CVSS5.8AI score0.00435EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

OpenTelemetry-Go 安全漏洞

OpenTelemetry-Go is an open-source developer toolkit developed by OpenTelemetry - CNCF. Versions of OpenTelemetry-Go from 1.36.0 to 1.40.0 contain security vulnerabilities. These vulnerabilities stem from the independent parsing of each header field value within a multi-value baggage header and t...

7.5CVSS5.8AI score0.00435EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-31016

Name of the Vulnerable Software and Affected Versions OpenTelemetry-Go versions 1.36.0 through 1.40.0 Description The OpenTelemetry-Go implementation is susceptible to a remote request amplification issue due to the way it handles multi-value baggage headers. Specifically, the extractMultiBaggage...

9.8CVSS6AI score0.00868EPSS
Exploits1References429
RedhatCVE
RedhatCVE
added 2026/02/11 1:33 a.m.7 views

CVE-2026-25528

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary apiurl values through the baggage header, causing the SDK to...

5.8CVSS5.9AI score0.00282EPSS
Exploits0References1
NVD
NVD
added 2026/02/09 9:15 p.m.12 views

CVE-2026-25528

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary apiurl values through the baggage header, causing the SDK to...

5.8CVSS0.00282EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/09 8:53 p.m.4 views

Server-side Request Forgery (SSRF)

Overview langsmith is a Client library to connect to the LangSmith Observability and Evaluation Platform. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the improper validation of apiurl and apikey fields in baggage headers in RunTree.fromheaders and...

7.5CVSS5.9AI score0.00282EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/09 8:53 p.m.4 views

Server-side Request Forgery (SSRF)

Overview langsmith is a Client library to connect to the LangSmith Observability and Evaluation Platform. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the improper validation of apiurl and apikey fields in baggage headers in RunTree.fromheaders and...

7.5CVSS5.9AI score0.00282EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/09 8:36 p.m.8 views

LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection

Summary The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary apiurl values through the baggage header, causing the SDK to exfiltrate sensitive trace data to attacker-controlled endpoints. ---...

5.8CVSS5.8AI score0.00282EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/09 8:36 p.m.5 views

GHSA-V34V-RQ6J-CJ6P LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection

Summary The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary apiurl values through the baggage header, causing the SDK to exfiltrate sensitive trace data to attacker-controlled endpoints. ---...

5.8CVSS6AI score0.00282EPSS
Exploits0References3
Rows per page
Query Builder