Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-59892

A flaw was found in the @opentelemetry/propagator-jaeger component of OpenTelemetry JavaScript. This vulnerability allows an unauthenticated remote attacker to send specially crafted HTTP header values, specifically uber-trace-id and uberctx-. The component improperly decodes these values without...

7.5CVSS6AI score0.00436EPSS
Exploits0References6
NVD
NVD
added last week11 views

CVE-2026-59892

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...

7.5CVSS0.00436EPSS
Exploits0References3
CVE
CVE
added last week10 views

CVE-2026-59892

Summary: OpenTelemetry JavaScript’s JaegerPropagator (via @opentelemetry/propagator-jaeger) decodes uber-trace-id and uberctx-* headers with decodeURIComponent() without handling decode errors prior to 2.9.0, enabling an unauthenticated attacker to send a malformed percent-encoded value that resu...

7.5CVSS6AI score0.00436EPSS
Exploits0References3
OSV
OSV
added last week3 views

CVE-2026-59892 OpenTelemetry JavaScript: Denial of service in `JaegerPropagator` via unhandled exception on a malformed header

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...

7.5CVSS6.1AI score0.00436EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-59892

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...

7.5CVSS6AI score0.00436EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.11 views

PT-2026-56504

Name of the Vulnerable Software and Affected Versions @opentelemetry/propagator-jaeger versions prior to 2.9.0 Description The @opentelemetry/propagator-jaeger component decodes incoming uber-trace-id and uberctx- HTTP header values using the decodeURIComponent function without proper error...

7.5CVSS6AI score0.00436EPSS
Exploits0References9
OSV
OSV
added 2026/04/23 9:43 p.m.21 views

GHSA-G94R-2VXG-569J OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers

Summary The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators NuGet packages can allocate excessive memory when parsing which could create a potential denial of service DoS in the consuming application. Details...

5.3CVSS5.8AI score0.00458EPSS
Exploits0References10
OSV
OSV
added 2025/11/17 12:0 p.m.6 views

RUSTSEC-2025-0123 opentelemetry-jaeger crate is unmaintained

The opentelemetry-jaeger crate is deprecated and no longer actively maintained. The Jaeger propagator implementation has been migrated to opentelemetry-jaeger-propagator. More information and examples of using OTLP with Jaeger can be found in Introducing native support for OpenTelemetry in Jaeger...

6.6AI score
Exploits0References2
RustSec
RustSec
added 2025/11/17 12:0 p.m.8 views

opentelemetry-jaeger crate is unmaintained

The opentelemetry-jaeger crate is deprecated and no longer actively maintained. The Jaeger propagator implementation has been migrated to opentelemetry-jaeger-propagator. More information and examples of using OTLP with Jaeger can be found in Introducing native support for OpenTelemetry in Jaeger...

6.7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/16 1:12 p.m.6 views

Malicious code in propagator-jaeger (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
Rows per page
Query Builder