149 matches found
CVE-2026-45292
A flaw was found in OpenTelemetry Java, specifically within the baggage propagation implementation of opentelemetry-api and opentelemetry-extension-trace-propagators. A remote attacker can exploit this vulnerability by sending oversized baggage, which leads to unbounded memory allocation and high...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the W3CBaggagePropagator function. An attacker can cause excessive memory allocation and CPU consumption by sending oversized baggage data, which is automatically re-injected into...
CVE-2026-45292
opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the Parse function. An attacker can exhaust CPU resources and generate excessive log output by sending oversized or malformed headers that are processed without length checks. Remediation...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the Parse function. An attacker can exhaust CPU resources and generate excessive log output by sending oversized or malformed headers that are processed without length checks. Remediation...
GHSA-5WRP-CWCJ-Q835 opentelemetry-go's baggage parsing no longer caps raw header length
Summary https://github.com/open-telemetry/opentelemetry-go/pull/7880 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Details The commit removes the upfront baggage-string length check and the...
opentelemetry-go's baggage parsing no longer caps raw header length
Summary https://github.com/open-telemetry/opentelemetry-go/pull/7880 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Details The commit removes the upfront baggage-string length check and the...
EUVD-2026-32953
opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators...
CVE-2026-45292
opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators...
CVE-2026-45292 opentelemetry-java: Unbounded Memory Allocation in W3C Baggage Propagation
opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators...
CVE-2026-45292
The CVE-2026-45292 issue affects OpenTelemetry Java components: baggage propagation in opentelemetry-api and opentelemetry-extension-trace-propagators prior to 1.62.0. The vulnerability arises from parsing oversized baggage, causing unbounded memory allocation and high CPU usage, with baggage re-...
CVE-2026-45292 opentelemetry-java: Unbounded Memory Allocation in W3C Baggage Propagation
opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators...
CVE-2026-45292 opentelemetry-java: Unbounded Memory Allocation in W3C Baggage Propagation
opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators...
OpenTelemetry 安全漏洞
OpenTelemetry is an open-source, vendor-neutral, open-source observability framework developed by OpenTelemetry. Versions of OpenTelemetry prior to 1.62.0 contained a security vulnerability. This vulnerability stemmed from the parsing of excessively large baggage, leading to unlimited memory...
PT-2026-44723
Name of the Vulnerable Software and Affected Versions OpenTelemetry Go affected versions not specified Description A denial-of-service issue exists due to the removal of raw-length rejection during baggage header parsing. The Parse function processes arbitrarily large or invalid baggage headers a...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in LangSmith [CVE-2026-25528]
Summary IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in LangSmith, due to a flaw allowing the injection of arbitrary apiurl values through the baggage header, causing the SDK to exfiltrate sensitive trace data to attacker-controlled endpoints CVE-2026-25528...
GHSA-RCGG-9C38-7XPX OpenTelemetry Java SDK has Unbounded Memory Allocation in W3C Baggage Propagation
Overview A vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators. Parsing oversized baggage causes unbounded memory allocation and CPU consumption. Because baggage is automatically re-injected into every outgoing request, t...
OpenTelemetry Java SDK has Unbounded Memory Allocation in W3C Baggage Propagation
Overview A vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators. Parsing oversized baggage causes unbounded memory allocation and CPU consumption. Because baggage is automatically re-injected into every outgoing request, t...
PT-2026-41161
Name of the Vulnerable Software and Affected Versions opentelemetry-java versions prior to 1.62.0 Description A flaw in the baggage propagation implementation within opentelemetry-api and opentelemetry-extension-trace-propagators allows for unbounded memory allocation and CPU consumption when...
Memory Allocation with Excessive Size Value
Overview OpenTelemetry.Extensions.Propagators is a package containing propagator formats for OpenTelemetry .NET. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the processing of propagation headers such as baggage, B3, and Jaeger. An attacker ca...