SUSE SLED15 / SLES15 / openSUSE 15 Security Update : grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets (SUSE-SU-2023:2783-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2783-1 advisory. - aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data...

This Week in Spring - June 27th, 2023

Hi Spring fans! Welcome to another installment of This Week in Spring! This week I am in Seoul talking to developers about the latest-and-greatest in Spring Boot 3! There's so much great stuff coming, and so much great stuff already. There are a few things I'm super excited about. First, yesterda...

GO-2023-1546 Denial of service in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp

The otelhttp package of opentelemetry-go-contrib is vulnerable to a denial-of-service attack. The otelhttp package uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength, http.server.responsecontentlength, and http.server.duration...

CVE-2023-25151

A flaw was found in opentelemetry-go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength, http.server.responsecontentlength, and http.server.duration...

This Week in Spring - February 14th, 2023

Hi, Spring fans! It's early Tuesday morning for me. I'm preparing to head to Chicago, Illinois to meet some customers and have myself a grand ol' time in the windy city. I hope you're doing well, I certainly am. A Bootiful Podcast: opensource, Spring Cloud, and Kubernetes maestro Abel Salgado...

GHSA-5R5M-65GX-7VRH otelhttp and otelbeego have DoS vulnerability for high cardinality metrics

Impact The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength, http.server.responsecontentlength, and http.server.duration instruments. The ServerRequest...

CVE-2023-25151

opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...

CVE-2023-25151

opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...

Design/Logic Flaw

opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...

CVE-2023-25151 DoS vulnerability for high cardinality metrics in opentelemetry-go-contrib

opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...

CVE-2023-25151 DoS vulnerability for high cardinality metrics in opentelemetry-go-contrib

opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...

CVE-2023-25151

CVE-2023-25151 affects opentelemetry-go-contrib's otelhttp (v0.38.0) where ServerRequest records http.target as the full request URI (including query string). This causes high cardinality of metrics (http.server.request_content_length, http.server.response_content_length, http.server.duration) an...

CVE-2023-25151 DoS vulnerability for high cardinality metrics in opentelemetry-go-contrib

opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...

Uncontrolled Resource Consumption

opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...

OpenTelemetry-Go Contrib 资源管理错误漏洞

OpenTelemetry-Go Contrib is a collection of extensions for OpenTelemetry Go in the OpenTelemetry open source. A resource management error vulnerability exists in OpenTelemetry-Go Contrib version v0.38.0, which stems from the fact that if the query string is always randomized, this results in an...

Uncontrolled Resource Consumption

opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...

This Week in Spring - December 6th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you? You know what Ive wanted to do? See my friends on the Spring team in person since the pandemic descended. And, Im overjoyed to relate, Ive just had the privilege of a nice meeting with several of them last night...

This Week in Spring - October 18th, 2022

Hi, Spring fans! Howre you doin? Im doin alright! Last week I was in Antwerp, Belgium, for the amazing Devoxx BE show. I did a presentation with my friend and hero James Ward on Spring and Kotlin that was voted third most-liked talk at a show with more than 250 speakers! That was a personal caree...

A Bootiful Podcast: Google mad scientist Josh Suereth on Observability with OpenTelemetry, building better build tools, and so much more

Hi, Spring fans! In this installment, Josh Long @starbuxman looks at the latest and greatest in Spring Boot 3 AOT, then talks to Googles Josh Suereth @jsuereth about observability with OpenTelemetry, building better build tools, and so much more. Want to learn more about Spring Boot and the wider...

PT-2022-28158 · Unknown · Opentelemetry-Go Contrib

Name of the Vulnerable Software and Affected Versions: opentelemetry-go-contrib versions 0.38.0 through 0.38.0 Description: The issue concerns a denial-of-service attack due to memory allocation increase when handling requests with constantly random query strings. The httpconv.ServerRequest...