8 matches found
EUVD-2009-1896
Malware in sbrugna...
GHSA-5RV5-6H4R-H22V opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics
Summary: Autoinstrumentation out of the box adds the label http_method that has unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. Details: HTTP method for requests can be easily set by an attacker to be random and long. PoC: Send many...
GO-2022-0322 Uncontrolled resource consumption in github.com/prometheus/client_golang
The Prometheus client_golang HTTP server is vulnerable to a denial of service attack when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of the promhttp.InstrumentHandler middleware except RequestsInFlight; not filter any specific...
Updated golang-github-prometheus-client packages fix security vulnerability
HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods...
Denial Of Service (DoS)
github.com/prometheus/client_golang is vulnerable to Denial of Service (DoS). Lack of proper handling of requests with non-standard HTTP methods allows an attacker to cause unbounded cardinality, and potential memory exhaustion...
CVE-2022-21698
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...
IBM WebSphere Application Server < 6.1.0.25 Multiple Vulnerabilities
Binary data 5077.prm...
IBM WebSphere Application Server < 6.0.2.35 Multiple Vulnerabilities
Binary data 5076.prm...