3 matches found
OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
...
CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters traces/metrics/logs read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...
EUVD-2026-20628
opentelemetry-go: OTLP HTTP exporters read unbounded HTTP response bodies...