Lucene search
+L

5 matches found

Github Security Blog
Github Security Blog
added 2026/04/29 8:17 p.m.11 views

OneCollector exporter reads unbounded HTTP response bodies

Summary When exporting telemetry to a back-end/collector over HTTP using the OpenTelemetry.Exporter.OneCollector exporter, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory with no upper-bound on the number of bytes consumed. This could cause...

5.9CVSS5.5AI score0.00338EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/23 9:26 p.m.22 views

GHSA-Q834-8QMM-V933 OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies

Summary When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format OTLP, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory with no upper-bound on the number of bytes consumed. This could cause memory...

5.3CVSS5.8AI score0.00304EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/23 6:22 p.m.38 views

CVE-2026-41173 Unbounded HTTP response body read in OpenTelemetry.Sampler.AWS

The AWS X-Ray Remote Sampler package provides a sampler which can get sampling configurations from AWS X-Ray. Prior to 0.1.0-alpha.8, OpenTelemetry.Sampler.AWS reads unbounded HTTP response bodies from a configured AWS X-Ray remote sampling endpoint into memory. AWSXRaySamplerClient.DoRequestAsyn...

5.9CVSS0.00301EPSS
Exploits0References2
OSV
OSV
added 2026/04/08 9:17 p.m.13 views

UBUNTU-CVE-2026-39882

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters traces/metrics/logs read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...

5.3CVSS5.8AI score0.0019EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/11 12:38 a.m.7 views

Quill has DoS via unbounded read of HTTP response body during notarization

Impact Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not possible under standard network conditions due to HTTPS with proper TLS...

5.3CVSS5.8AI score0.00088EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder