Lucene search
K

167 matches found

RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2026-59892

A flaw was found in the @opentelemetry/propagator-jaeger component of OpenTelemetry JavaScript. This vulnerability allows an unauthenticated remote attacker to send specially crafted HTTP header values, specifically uber-trace-id and uberctx-. The component improperly decodes these values without...

7.5CVSS6AI score0.00436EPSS
Exploits0References6
NVD
NVD
added 6 days ago10 views

CVE-2026-59892

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...

7.5CVSS0.00436EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-59892

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...

7.5CVSS6AI score0.00436EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42324

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...

7.5CVSS6AI score0.00436EPSS
Exploits0References3
CVE
CVE
added 6 days ago10 views

CVE-2026-59892

Summary: OpenTelemetry JavaScript’s JaegerPropagator (via @opentelemetry/propagator-jaeger) decodes uber-trace-id and uberctx-* headers with decodeURIComponent() without handling decode errors prior to 2.9.0, enabling an unauthenticated attacker to send a malformed percent-encoded value that resu...

7.5CVSS6AI score0.00436EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-56504

Name of the Vulnerable Software and Affected Versions @opentelemetry/propagator-jaeger versions prior to 2.9.0 Description The @opentelemetry/propagator-jaeger component decodes incoming uber-trace-id and uberctx- HTTP header values using the decodeURIComponent function without proper error...

7.5CVSS6AI score0.00436EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/06/10 9:34 a.m.8 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: jaeger: jaeger-2.19.0-1.hum1 aarch64, x8664 jaeger-2.19.0-1.hum1.src src...

8.9CVSS5AI score0.00761EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.10 views

CVE-2026-41078

OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set and that enlarged size is reused for subsequent allocations. Under...

5.9CVSS5.5AI score0.00222EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.11 views

CVE-2026-40894

OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators...

5.3CVSS5.5AI score0.00458EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.13 views

FreeBSD : Grafana -- XSS in Grafana Explore stack trace (6cc28c49-58fe-11f1-b525-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6cc28c49-58fe-11f1-b525-3c7c3fba4204 advisory. https://grafana.com/security/security-advisories/cve-2025-41117 reports: Stack traces in Grafana's...

6.8CVSS5.8AI score0.00239EPSS
Exploits0References3
Wolfi
Wolfi
added 2026/05/14 7:48 p.m.22 views

CVE-2026-44903 vulnerabilities

Vulnerabilities for packages: minio-operator, jaeger, cloud-sql-proxy, certificate-transparency, node-problem-detector, opentelemetry-collector-contrib, minio, telegraf, datadog-agent, mc, metrics-server, splunk-otel-collector, opentelemetry-operator, opentelemetry-collector,...

6.1CVSS6.1AI score0.00182EPSS
Exploits0
Chainguard
Chainguard
added 2026/05/14 7:17 p.m.18 views

CVE-2026-44903 vulnerabilities

Vulnerabilities for packages: jaeger, trillian, nrdot-collector-k8s, minio-object-browser, opentelemetry-collector-contrib, opentelemetry-collector-contrib-fips, karma-fips, node-problem-detector, google-cloud-otel-ops-collector, datadog-agent-fips, beats, metrics-server-fips, ld-relay-fips, keda...

6.1CVSS6.1AI score0.00182EPSS
Exploits0
Wolfi
Wolfi
added 2026/05/06 7:48 p.m.21 views

GHSA-FW8G-CG8F-9J28 vulnerabilities

Vulnerabilities for packages: minio-operator, jaeger, cloud-sql-proxy, certificate-transparency, node-problem-detector, opentelemetry-collector-contrib, minio, telegraf, datadog-agent, mc, metrics-server, splunk-otel-collector, opentelemetry-operator, opentelemetry-collector,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/05/06 7:17 p.m.14 views

GHSA-FW8G-CG8F-9J28 vulnerabilities

Vulnerabilities for packages: jaeger, trillian, nrdot-collector-k8s, minio-object-browser, opentelemetry-collector-contrib, opentelemetry-collector-contrib-fips, karma-fips, node-problem-detector, google-cloud-otel-ops-collector, datadog-agent-fips, beats, metrics-server-fips, ld-relay-fips, keda...

6.1AI score
Exploits0
Snyk
Snyk
added 2026/04/23 9:43 p.m.6 views

Memory Allocation with Excessive Size Value

Overview OpenTelemetry.Extensions.Propagators is a package containing propagator formats for OpenTelemetry .NET. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the processing of propagation headers such as baggage, B3, and Jaeger. An attacker ca...

6.9CVSS5.5AI score0.00458EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/23 9:43 p.m.98 views

OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers

Summary The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators NuGet packages can allocate excessive memory when parsing which could create a potential denial of service DoS in the consuming application. Details...

5.3CVSS5.8AI score0.00458EPSS
Exploits0References10Affected Software2
OSV
OSV
added 2026/04/23 9:43 p.m.20 views

GHSA-G94R-2VXG-569J OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers

Summary The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators NuGet packages can allocate excessive memory when parsing which could create a potential denial of service DoS in the consuming application. Details...

5.3CVSS5.8AI score0.00458EPSS
Exploits0References10
NVD
NVD
added 2026/04/23 7:17 p.m.6 views

CVE-2026-41078

OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set and that enlarged size is reused for subsequent allocations. Under...

5.9CVSS0.00222EPSS
Exploits0References1
CVE
CVE
added 2026/04/23 6:5 p.m.29 views

CVE-2026-41078

OpenTelemetry dotnet CVE-2026-41078 affects OpenTelemetry.Exporter.Jaeger (pre-1.6.0-rc.1 and earlier). The issue: memory pressure caused by unbounded pooled-list sizing in the Jaeger exporter conversion path, where oversized allocations from large span/tag sets can be reused for later allocation...

5.9CVSS5.7AI score0.00222EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/23 6:5 p.m.4 views

CVE-2026-41078

OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set and that enlarged size is reused for subsequent allocations. Under...

5.9CVSS5.7AI score0.00222EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder