Lucene search
K

4 matches found

Snyk
Snyk
added 2026/06/08 12:0 a.m.12 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via HTTP server metrics instrumentation in Micrometer. An attacker can cause denial of service by sending specially crafted HTTP requests that trigger excessive resource consumption...

8.2CVSS5.5AI score0.00623EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2023/11/23 12:21 p.m.74 views

CVE-2023-47108

A memory exhaustion flaw was found in the otelgrpc handler of open-telemetry. This flaw may allow a remote unauthenticated attacker to flood the peer address and port and exhaust the server's memory by sending multiple malicious requests, affecting the availability of the system. Mitigation As a...

7.5CVSS7.5AI score0.01592EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
added 2023/11/12 12:0 a.m.65 views

otelgrpc DoS vulnerability due to unbound cardinality metrics

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the server's potential memory exhaustio...

7.5CVSS7AI score0.01592EPSS
Exploits0References8Affected Software1
Prion
Prion
added 2023/11/10 7:15 p.m.39 views

Code injection

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the server's potential memory exhaustio...

5CVSS7AI score0.01592EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder