4 matches found
Allocation of Resources Without Limits or Throttling
Overview OpenTelemetry.Exporter.Zipkin is a Zipkin Exporter for OpenTelemetry .NET. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to unbounded growth of the remote endpoint cache derived from span attributes. An attacker can cause...
PT-2026-35933
Name of the Vulnerable Software and Affected Versions OpenTelemetry.Exporter.Zipkin versions prior to 1.15.3 Description The remote endpoint cache in the Zipkin exporter accepts unbounded key growth derived from span attributes. In high-cardinality scenarios—situations where there is a large numb...
PT-2024-22861 · Wallos · Wallos
Name of the Vulnerable Software and Affected Versions: Wallos versions prior to 1.15.3 Description: The issue is related to SQL Injection via the category and payment parameters to the "/subscriptions/get.php" API endpoint. This allows for potential exploitation. Recommendations: For versions pri...
UBUNTU-CVE-2022-36033
jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...