417 matches found
otelgrpc DoS vulnerability due to unbound cardinality metrics
Summary The grpc Unary Server Interceptor opentelemetry-go-contrib/instrumentation/google.golang.org/grpc/otelgrpc/interceptor.go // UnaryServerInterceptor returns a grpc.UnaryServerInterceptor suitable // for use in a grpc.NewServer call. func UnaryServerInterceptoropts ...Option...
otelgrpc DoS vulnerability due to unbound cardinality metrics
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the server's potential memory exhaustio...
AZL-42745 CVE-2023-47108 affecting package ig for versions less than 0.30.0-1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...
AZL-34891 CVE-2023-47108 affecting package kube-vip-cloud-provider for versions less than 0.0.10-1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...
AZL-34620 CVE-2023-47108 affecting package containerd for versions less than 1.7.13-3
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...
CVE-2023-47108
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...
AZL-35440 CVE-2023-47108 affecting package docker-compose for versions less than 2.27.0-1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...
AZL-31896 CVE-2023-47108 affecting package moby-containerd-cc for versions less than 1.7.2-3
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...
Code injection
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the server's potential memory exhaustio...
UBUNTU-CVE-2023-47108
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...
CVE-2023-47108 DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...
CVE-2023-47108
The CVE-2023-47108 issue affects OpenTelemetry-Go Contrib's grpc Unary Server Interceptor in versions >=0.37.0 and
CVE-2023-47108 DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...
mariadb: server crash in JOIN_CACHE::free or in copy_fields
MariaDB v10.7 was discovered to contain an use-after-poison in in interceptormemset at /libsanitizer/sanitizercommon/sanitizercommoninterceptors.inc...
mariadb: server crash in JOIN_CACHE::free or in copy_fields
MariaDB v10.7 was discovered to contain an use-after-poison in in interceptormemset at /libsanitizer/sanitizercommon/sanitizercommoninterceptors.inc...
mariadb: server crash in JOIN_CACHE::free or in copy_fields
MariaDB v10.7 was discovered to contain an use-after-poison in in interceptormemset at /libsanitizer/sanitizercommon/sanitizercommoninterceptors.inc...
mariadb: server crash in JOIN_CACHE::free or in copy_fields
MariaDB v10.7 was discovered to contain an use-after-poison in in interceptormemset at /libsanitizer/sanitizercommon/sanitizercommoninterceptors.inc...
import-in-the-middle Input Validation Error Vulnerability
import-in-the-middle is an intermediate requirements-inspired module loading interceptor open-sourced by Datadog. An input validation error vulnerability exists in import-in-the-middle 1.4.2. An attacker exploiting this vulnerability could remotely execute code...
PT-2023-26127 · Okhttp · Okhttp
Name of the Vulnerable Software and Affected Versions: OkHttp affected versions not specified Description: The issue allows for a Denial of Service DoS of the OkHttp client when using a BrotliInterceptor and accessing a malicious web server, or when an attacker can perform a Man-in-the-Middle Mit...
Square OkHttp 安全漏洞
Square OkHttp is the United States Square's set of HTTP and HTTP /2 client software for Android and Java applications . The software supports synchronous blocking calls and asynchronous calls with callbacks, response caching to avoid duplicate requests over the network, and more. OkHttp suffers...