Lucene search
K

38 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2023/10/16 12:0 a.m.30 views

Allocation of Resources Without Limits or Throttling

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

7.5CVSS6.2AI score0.01364EPSS
Exploits0References10Affected Software1
Veracode
Veracode
added 2023/10/13 12:27 p.m.25 views

Denial Of Service

opentelemetry-go-contrib is vulnerable to Denial of Service. The handler wrapper adds labels that have unbound cardinality. An attacker can send malicious requests which leads to a memory exhaustion...

7.5CVSS7AI score0.01364EPSS
Exploits0References10Affected Software2
OSV
OSV
added 2023/10/12 5:15 p.m.10 views

AZL-35437 CVE-2023-45142 affecting package docker-buildx for versions less than 0.14.0-1

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

7.5CVSS7.1AI score0.01364EPSS
Exploits0References1
OSV
OSV
added 2023/10/12 5:15 p.m.26 views

AZL-35119 CVE-2023-45142 affecting package prometheus-adapter for versions less than 0.12.0-1

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

7.5CVSS7.1AI score0.01364EPSS
Exploits0References1
OSV
OSV
added 2023/10/12 5:15 p.m.7 views

AZL-35069 CVE-2023-45142 affecting package opa for versions less than 0.63.0-1

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

7.5CVSS7.1AI score0.01364EPSS
Exploits0References1
Prion
Prion
added 2023/10/12 5:15 p.m.39 views

Design/Logic Flaw

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

5CVSS7.4AI score0.01364EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2023/10/12 4:33 p.m.49 views

CVE-2023-45142 OpenTelemetry-Go Contrib has DoS vulnerability in otelhttp due to unbound cardinality metrics

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

7.5CVSS7.7AI score0.01364EPSS
Exploits0References9
OSV
OSV
added 2023/04/05 6:2 p.m.52 views

GO-2023-1546 Denial of service in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp

The otelhttp package of opentelemetry-go-contrib is vulnerable to a denial-of-service attack. The otelhttp package uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength, http.server.responsecontentlength, and http.server.duration...

7.5CVSS9.4AI score0.05994EPSS
Exploits1References1
NVD
NVD
added 2023/02/08 8:15 p.m.32 views

CVE-2023-25151

opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...

7.5CVSS7.4AI score0.00973EPSS
Exploits1References2
Prion
Prion
added 2023/02/08 8:15 p.m.18 views

Design/Logic Flaw

opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...

5CVSS7.4AI score0.00973EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/02/08 7:21 p.m.29 views

CVE-2023-25151 DoS vulnerability for high cardinality metrics in opentelemetry-go-contrib

opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...

7.5CVSS7.5AI score0.00973EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/02/08 7:21 p.m.7 views

CVE-2023-25151 DoS vulnerability for high cardinality metrics in opentelemetry-go-contrib

opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...

7.5CVSS7.7AI score0.00973EPSS
Exploits1References2
CVE
CVE
added 2023/02/08 7:21 p.m.160 views

CVE-2023-25151

CVE-2023-25151 affects opentelemetry-go-contrib's otelhttp (v0.38.0) where ServerRequest records http.target as the full request URI (including query string). This causes high cardinality of metrics (http.server.request_content_length, http.server.response_content_length, http.server.duration) an...

7.5CVSS7.3AI score0.00973EPSS
Exploits1References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/02/08 12:0 a.m.37 views

Uncontrolled Resource Consumption

opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...

7.5CVSS7.2AI score0.00973EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/02/08 12:0 a.m.46 views

Uncontrolled Resource Consumption

opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...

7.5CVSS7.2AI score0.00973EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2023/02/08 12:0 a.m.6 views

OpenTelemetry-Go Contrib 资源管理错误漏洞

OpenTelemetry-Go Contrib is a collection of extensions for OpenTelemetry Go in the OpenTelemetry open source. A resource management error vulnerability exists in OpenTelemetry-Go Contrib version v0.38.0, which stems from the fact that if the query string is always randomized, this results in an...

7.5CVSS7.4AI score0.00973EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/07/15 12:0 a.m.3 views

PT-2022-28158 · Unknown · Opentelemetry-Go Contrib

Name of the Vulnerable Software and Affected Versions: opentelemetry-go-contrib versions 0.38.0 through 0.38.0 Description: The issue concerns a denial-of-service attack due to memory allocation increase when handling requests with constantly random query strings. The httpconv.ServerRequest...

7.5CVSS7.4AI score0.00973EPSS
Exploits1References17
Positive Technologies
Positive Technologies
added 2022/02/16 12:0 a.m.8 views

PT-2022-7151 · Unknown +2 · Opentelemetry-Go Contrib +2

Name of the Vulnerable Software and Affected Versions: OpenTelemetry-Go Contrib versions prior to 0.44.0 Description: The issue is related to a denial-of-service attack that can cause memory exhaustion when handling requests with non-standard HTTP methods or User-Agents. The library internally us...

9.9CVSS7AI score0.99999EPSS
Exploits22References214
Rows per page
Query Builder