6 matches found
CVE-2026-41173
The AWS X-Ray Remote Sampler package provides a sampler which can get sampling configurations from AWS X-Ray. Prior to 0.1.0-alpha.8, OpenTelemetry.Sampler.AWS reads unbounded HTTP response bodies from a configured AWS X-Ray remote sampling endpoint into memory. AWSXRaySamplerClient.DoRequestAsyn...
EUVD-2026-25271
OpenTelemetry.Sampler.AWS & OpenTelemetry.Resources.AWS have unbounded HTTP response body reads...
CVE-2026-41173
OpenTelemetry.Sampler.AWS is affected by an unbounded HTTP response body read in the AWS X-Ray remote sampler prior to 0.1.0-alpha.8. The AWSXRaySamplerClient.DoRequestAsync call reads the entire HTTP response into memory (ReadAsStringAsync) without size limits, enabling an attacker controlling o...
CVE-2026-41173
The AWS X-Ray Remote Sampler package provides a sampler which can get sampling configurations from AWS X-Ray. Prior to 0.1.0-alpha.8, OpenTelemetry.Sampler.AWS reads unbounded HTTP response bodies from a configured AWS X-Ray remote sampling endpoint into memory. AWSXRaySamplerClient.DoRequestAsyn...
CVE-2026-41173 Unbounded HTTP response body read in OpenTelemetry.Sampler.AWS
The AWS X-Ray Remote Sampler package provides a sampler which can get sampling configurations from AWS X-Ray. Prior to 0.1.0-alpha.8, OpenTelemetry.Sampler.AWS reads unbounded HTTP response bodies from a configured AWS X-Ray remote sampling endpoint into memory. AWSXRaySamplerClient.DoRequestAsyn...
PT-2026-34721
Name of the Vulnerable Software and Affected Versions OpenTelemetry.Sampler.AWS versions prior to 0.1.0-alpha.8 OpenTelemetry.Resources.AWS versions prior to 1.15.1 Description OpenTelemetry.Sampler.AWS and OpenTelemetry.Resources.AWS read unbounded HTTP response bodies from configured endpoints...