OpenTelemetry-Go 代码问题漏洞

OpenTelemetry-Go is an open-source developer toolkit developed by OpenTelemetry - CNCF. Versions of OpenTelemetry-Go from 1.15.0 to 1.42.0 have code vulnerabilities that stem from path hijacking, which may lead to command execution...

OpenTelemetry-Go 安全漏洞

OpenTelemetry-Go is an open-source developer toolkit developed by OpenTelemetry - CNCF. Versions of OpenTelemetry-Go prior to 1.43.0 contained a security vulnerability; this vulnerability stemmed from the lack of restrictions on the size of the response body, which could lead to memory exhaustion...

PT-2026-31450

Name of the Vulnerable Software and Affected Versions OpenTelemetry-Go versions 1.15.0 through 1.42.0 Description The fix for a previous issue changed the path used for one command but left another command vulnerable to a PATH hijacking attack on BSD and Solaris platforms. Specifically, the kenv...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the baggage header extraction process. An attacker can cause excessive CPU and memory allocations by sending numerous baggage header lines, even if each individual value remains...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the baggage header extraction process. An attacker can cause excessive CPU and memory allocations by sending numerous baggage header lines, even if each individual value remains...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the baggage header extraction process. An attacker can cause excessive CPU and memory allocations by sending numerous baggage header lines, even if each individual value remains...

DEBIAN-CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

UBUNTU-CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

CVE-2026-29181

OpenTelemetry-Go (Go implementation) has a vulnerability in multi-value baggage header extraction: from versions 1.36.0 through 1.40.0, parsing each header field-value independently causes aggregation of members across values, enabling an attacker to trigger excessive CPU and memory allocations a...

CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

OpenTelemetry-Go: multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)

multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. this allows an attacker to amplify cpu and allocations by sending many baggage: header lines, even when each individual value is within the 8192-byte per-value parse limit...

EUVD-2026-19938

OpenTelemetry-Go: multi-value baggage header extraction causes excessive allocations remote dos amplification...

GHSA-MH2Q-Q3FH-2475 OpenTelemetry-Go: multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)

multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. this allows an attacker to amplify cpu and allocations by sending many baggage: header lines, even when each individual value is within the 8192-byte per-value parse limit...

OpenTelemetry-Go 安全漏洞

OpenTelemetry-Go is an open-source developer toolkit developed by OpenTelemetry - CNCF. Versions of OpenTelemetry-Go from 1.36.0 to 1.40.0 contain security vulnerabilities. These vulnerabilities stem from the independent parsing of each header field value within a multi-value baggage header and t...

PT-2026-31016

Name of the Vulnerable Software and Affected Versions OpenTelemetry-Go versions 1.36.0 through 1.40.0 Description The OpenTelemetry-Go implementation is susceptible to a remote request amplification issue due to the way it handles multi-value baggage headers. Specifically, the extractMultiBaggage...

CLEANSTART-2026-LD15132 Security fixes for CVE-2020-8912, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142, CVE-2026-33186, ghsa-6g7g-w4f8-9c9x, ghsa-cfpf-hrx2-8rv6, ghsa-fw7p-63qq-7hpr, ghsa-p77j-4mvh-x3m3 applied in versions: 0.142.0-r0, 0.144.0-r0, 0.144.0-r1, 0.144.0-r2, 0.144.0-r3

Multiple security vulnerabilities affect the opentelemetry-collector-contrib-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-SR26977 Security fixes for CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-26958, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-6g7g-w4f8-9c9x, ghsa-fw7p-63qq-7hpr, ghsa-p77j-4mvh-x3m3 applied in versions: 0.144.0-r0, 0.144.0-r1, 0.144.0-r2, 0.144.0-r3, 0.144.0-r4

Multiple security vulnerabilities affect the opentelemetry-collector-contrib package. These issues are resolved in later releases. See references for individual vulnerability details...

PT-2026-31449

Name of the Vulnerable Software and Affected Versions OpenTelemetry-Go versions prior to 1.43.0 Description The otlp HTTP exporters traces, metrics, logs in OpenTelemetry-Go versions prior to 1.43.0 read the full HTTP response body into an in-memory bytes.Buffer without a size limit. This can lea...

CVE-2026-32285 vulnerabilities

Vulnerabilities for packages: rclone, chainloop-cli, goreleaser, eksctl, tempo-fips, opentelemetry-collector-contrib, dagger, dgraph, elastic-agent-fips, nfpm, teleport, maru, chainloop-cli-fips, k8sgpt, lazygit, k3s, terraform-mcp-server, gitlab-runner-fips, grafana-alloy, mcp-grafana-fips,...