Lucene search
K

5 matches found

OSV
OSV
added 2026/03/20 8:34 p.m.5 views

GHSA-394X-VWMW-CRM3 AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CN

Summary AWS-LC is an open-source, general-purpose cryptographic library. Impact A logic error in CN Common Name validation allows certificates with wildcard or raw UTF-8 Unicode CN values to bypass name constraints enforcement. The cn2dnsid function does not recognize these CN patterns as valid D...

8.2CVSS5.9AI score
Exploits0References3
OSV
OSV
added 2023/02/08 10:32 p.m.26 views

GHSA-5R5M-65GX-7VRH otelhttp and otelbeego have DoS vulnerability for high cardinality metrics

Impact The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength, http.server.responsecontentlength, and http.server.duration instruments. The ServerRequest...

7.5CVSS8.8AI score0.01364EPSS
Exploits1References4
Prion
Prion
added 2023/02/08 8:15 p.m.17 views

Design/Logic Flaw

opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...

5CVSS7.4AI score0.00973EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/02/08 7:21 p.m.159 views

CVE-2023-25151

CVE-2023-25151 affects opentelemetry-go-contrib's otelhttp (v0.38.0) where ServerRequest records http.target as the full request URI (including query string). This causes high cardinality of metrics (http.server.request_content_length, http.server.response_content_length, http.server.duration) an...

7.5CVSS7.3AI score0.00973EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2022/05/23 12:0 a.m.27 views

Open Policy Agent Denial of Service Vulnerability

Open Policy Agent is a general-purpose policy engine that enables unified, context-aware policy enforcement across the stack. v0.39.0 of Open Policy Agent is vulnerable to a denial-of-service vulnerability that stems from an application misinterpreting each expression, triggering out-of-scope...

5CVSS4AI score0.0095EPSS
Exploits0Affected Software1
Rows per page
Query Builder