3 matches found
CVE-2026-54704
OpenTelemetry Java Instrumentation contains a vulnerability in JDBC auto-instrumentation prior to version 2.28.0 where passwords in SQL CONNECT statements may not be sanitized if the password is double-quoted. This can cause clear-text database passwords to be added to trace spans and exported to...
CVE-2026-44289 vulnerabilities
Vulnerabilities for packages: opentelemetry-auto-instrumentations-node, pulumi, vitess, gemini-cli, cadence-web, homepage, renovate, nemo, kibana, librechat, kubeflow-centraldashboard...
Prometheus exporter process crash via malformed HTTP request
Summary A single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid URI causes an uncaught TypeError that terminates the process. You...