Lucene search
+L

149 matches found

RedhatCVE
RedhatCVE
added 2026/06/02 2:43 p.m.11 views

CVE-2026-45292

A flaw was found in OpenTelemetry Java, specifically within the baggage propagation implementation of opentelemetry-api and opentelemetry-extension-trace-propagators. A remote attacker can exploit this vulnerability by sending oversized baggage, which leads to unbounded memory allocation and high...

7.5CVSS5.8AI score0.00791EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/28 6:24 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the W3CBaggagePropagator function. An attacker can cause excessive memory allocation and CPU consumption by sending oversized baggage data, which is automatically re-injected into...

8.7CVSS5.3AI score0.00791EPSS
Exploits0References2
NVD
NVD
added 2026/05/28 5:16 p.m.19 views

CVE-2026-45292

opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators...

7.5CVSS0.00791EPSS
Exploits0References9
Snyk
Snyk
added 2026/05/28 5:4 p.m.13 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the Parse function. An attacker can exhaust CPU resources and generate excessive log output by sending oversized or malformed headers that are processed without length checks. Remediation...

6.9CVSS5.8AI score0.00237EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/28 5:4 p.m.12 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the Parse function. An attacker can exhaust CPU resources and generate excessive log output by sending oversized or malformed headers that are processed without length checks. Remediation...

6.9CVSS5.8AI score0.00237EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 5:4 p.m.17 views

GHSA-5WRP-CWCJ-Q835 opentelemetry-go's baggage parsing no longer caps raw header length

Summary https://github.com/open-telemetry/opentelemetry-go/pull/7880 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Details The commit removes the upfront baggage-string length check and the...

5.3CVSS5.9AI score0.00237EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/28 5:4 p.m.16 views

opentelemetry-go's baggage parsing no longer caps raw header length

Summary https://github.com/open-telemetry/opentelemetry-go/pull/7880 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Details The commit removes the upfront baggage-string length check and the...

5.3CVSS5.9AI score0.00237EPSS
Exploits0References4Affected Software2
EUVD
EUVD
added 2026/05/28 4:37 p.m.11 views

EUVD-2026-32953

opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators...

5.3CVSS5.8AI score0.00791EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:37 p.m.11 views

CVE-2026-45292

opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators...

5.3CVSS5.8AI score0.00791EPSS
Exploits0References5Affected Software3
Vulnrichment
Vulnrichment
added 2026/05/28 4:37 p.m.14 views

CVE-2026-45292 opentelemetry-java: Unbounded Memory Allocation in W3C Baggage Propagation

opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators...

5.3CVSS5.8AI score0.00791EPSS
Exploits0References4
CVE
CVE
added 2026/05/28 4:37 p.m.120 views

CVE-2026-45292

The CVE-2026-45292 issue affects OpenTelemetry Java components: baggage propagation in opentelemetry-api and opentelemetry-extension-trace-propagators prior to 1.62.0. The vulnerability arises from parsing oversized baggage, causing unbounded memory allocation and high CPU usage, with baggage re-...

7.5CVSS5.8AI score0.00791EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/28 4:37 p.m.53 views

CVE-2026-45292 opentelemetry-java: Unbounded Memory Allocation in W3C Baggage Propagation

opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators...

5.3CVSS0.00791EPSS
Exploits0References4
OSV
OSV
added 2026/05/28 4:37 p.m.4 views

CVE-2026-45292 opentelemetry-java: Unbounded Memory Allocation in W3C Baggage Propagation

opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators...

5.3CVSS6AI score0.00791EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

OpenTelemetry 安全漏洞

OpenTelemetry is an open-source, vendor-neutral, open-source observability framework developed by OpenTelemetry. Versions of OpenTelemetry prior to 1.62.0 contained a security vulnerability. This vulnerability stemmed from the parsing of excessively large baggage, leading to unlimited memory...

5.3CVSS5.8AI score0.00791EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.11 views

PT-2026-44723

Name of the Vulnerable Software and Affected Versions OpenTelemetry Go affected versions not specified Description A denial-of-service issue exists due to the removal of raw-length rejection during baggage header parsing. The Parse function processes arbitrarily large or invalid baggage headers a...

5.3CVSS5.9AI score0.00237EPSS
Exploits0References12
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:41 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in LangSmith [CVE-2026-25528]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in LangSmith, due to a flaw allowing the injection of arbitrary apiurl values through the baggage header, causing the SDK to exfiltrate sensitive trace data to attacker-controlled endpoints CVE-2026-25528...

5.8CVSS7.3AI score0.00282EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/05/14 4:36 p.m.11 views

GHSA-RCGG-9C38-7XPX OpenTelemetry Java SDK has Unbounded Memory Allocation in W3C Baggage Propagation

Overview A vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators. Parsing oversized baggage causes unbounded memory allocation and CPU consumption. Because baggage is automatically re-injected into every outgoing request, t...

5.3CVSS5.9AI score0.00791EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/14 4:36 p.m.34 views

OpenTelemetry Java SDK has Unbounded Memory Allocation in W3C Baggage Propagation

Overview A vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators. Parsing oversized baggage causes unbounded memory allocation and CPU consumption. Because baggage is automatically re-injected into every outgoing request, t...

7.5CVSS5.9AI score0.00791EPSS
Exploits0References6Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.23 views

PT-2026-41161

Name of the Vulnerable Software and Affected Versions opentelemetry-java versions prior to 1.62.0 Description A flaw in the baggage propagation implementation within opentelemetry-api and opentelemetry-extension-trace-propagators allows for unbounded memory allocation and CPU consumption when...

7.5CVSS5.8AI score0.00791EPSS
Exploits0References18
Snyk
Snyk
added 2026/04/23 9:43 p.m.6 views

Memory Allocation with Excessive Size Value

Overview OpenTelemetry.Extensions.Propagators is a package containing propagator formats for OpenTelemetry .NET. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the processing of propagation headers such as baggage, B3, and Jaeger. An attacker ca...

6.9CVSS5.5AI score0.00458EPSS
Exploits0References2
Rows per page
Query Builder