38 matches found
Allocation of Resources Without Limits or Throttling
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
Denial Of Service
opentelemetry-go-contrib is vulnerable to Denial of Service. The handler wrapper adds labels that have unbound cardinality. An attacker can send malicious requests which leads to a memory exhaustion...
AZL-35437 CVE-2023-45142 affecting package docker-buildx for versions less than 0.14.0-1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
AZL-35119 CVE-2023-45142 affecting package prometheus-adapter for versions less than 0.12.0-1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
AZL-35069 CVE-2023-45142 affecting package opa for versions less than 0.63.0-1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
Design/Logic Flaw
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
CVE-2023-45142 OpenTelemetry-Go Contrib has DoS vulnerability in otelhttp due to unbound cardinality metrics
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
GO-2023-1546 Denial of service in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
The otelhttp package of opentelemetry-go-contrib is vulnerable to a denial-of-service attack. The otelhttp package uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength, http.server.responsecontentlength, and http.server.duration...
CVE-2023-25151
opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...
Design/Logic Flaw
opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...
CVE-2023-25151 DoS vulnerability for high cardinality metrics in opentelemetry-go-contrib
opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...
CVE-2023-25151 DoS vulnerability for high cardinality metrics in opentelemetry-go-contrib
opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...
CVE-2023-25151
CVE-2023-25151 affects opentelemetry-go-contrib's otelhttp (v0.38.0) where ServerRequest records http.target as the full request URI (including query string). This causes high cardinality of metrics (http.server.request_content_length, http.server.response_content_length, http.server.duration) an...
Uncontrolled Resource Consumption
opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...
Uncontrolled Resource Consumption
opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...
OpenTelemetry-Go Contrib 资源管理错误漏洞
OpenTelemetry-Go Contrib is a collection of extensions for OpenTelemetry Go in the OpenTelemetry open source. A resource management error vulnerability exists in OpenTelemetry-Go Contrib version v0.38.0, which stems from the fact that if the query string is always randomized, this results in an...
PT-2022-28158 · Unknown · Opentelemetry-Go Contrib
Name of the Vulnerable Software and Affected Versions: opentelemetry-go-contrib versions 0.38.0 through 0.38.0 Description: The issue concerns a denial-of-service attack due to memory allocation increase when handling requests with constantly random query strings. The httpconv.ServerRequest...
PT-2022-7151 · Unknown +2 · Opentelemetry-Go Contrib +2
Name of the Vulnerable Software and Affected Versions: OpenTelemetry-Go Contrib versions prior to 0.44.0 Description: The issue is related to a denial-of-service attack that can cause memory exhaustion when handling requests with non-standard HTTP methods or User-Agents. The library internally us...