4 matches found
CVE-2026-54285
Opentelemetry-js (OpenTelemetry JavaScript client) is affected by CVE-2026-54285 through the W3CBaggagePropagator.extract() path in @opentelemetry/core prior to 2.8.0, where inbound baggage headers were not capped and could trigger memory allocation proportional to header size. The issue is fixed...
CVE-2026-44902
opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid...
CVE-2026-44902 opentelemetry-js: Prometheus exporter process crash via malformed HTTP request
opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid...
CVE-2026-44902
creationtimestamp| type| source ---|---|--- 2026-05-06 15:40:57+00:00| published-proof-of-concept| https://github.com/open-telemetry/opentelemetry-js/security/advisories/GHSA-q7rr-3cgh-j5r3 2026-05-27 17:02:41+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmtye5ufzl2t...