42 matches found
CVE-2026-41310
OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spa...
CVE-2026-43869 vulnerabilities
Vulnerabilities for packages: zipkin, spark...
GHSA-7PWC-H2J2-RJGJ vulnerabilities
Vulnerabilities for packages: zipkin, spark...
CVE-2026-41310
OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spa...
EUVD-2026-28222
OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spa...
CVE-2026-41310
OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spa...
CVE-2026-41310 OpenTelemetry .NET Zipkin exporter has unbounded remote endpoint cache leading to memory growth
OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spa...
CVE-2026-41310
OpenTelemetry.Exporter.Zipkin for .NET (Zipkin exporter) has an unbounded remote endpoint cache in versions up to 1.15.2, where keys derived from span attributes can grow without bound in high-cardinality scenarios, leading to memory growth and degraded availability. The issue is addressed in ver...
CVE-2026-41310 OpenTelemetry .NET Zipkin exporter has unbounded remote endpoint cache leading to memory growth
OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spa...
OpenTelemetry 资源管理错误漏洞
OpenTelemetry is an open-source, vendor-neutral, open-source observability framework developed by OpenTelemetry. Versions of OpenTelemetry 1.15.2 and earlier contained a resource management vulnerability. This vulnerability stemmed from the Zipkin exporter’s remote endpoint caching unbounded key...
GHSA-88HF-WF7H-7W4M OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure
Summary The Zipkin exporter remote endpoint cache accepted unbounded key growth derived from span attributes. In high-cardinality scenarios, this could increase process memory usage over time and degrade availability. Details - Introduce a bounded, thread-safe LRU cache for remote endpoints. -...
Allocation of Resources Without Limits or Throttling
Overview OpenTelemetry.Exporter.Zipkin is a Zipkin Exporter for OpenTelemetry .NET. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to unbounded growth of the remote endpoint cache derived from span attributes. An attacker can cause...
OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure
Summary The Zipkin exporter remote endpoint cache accepted unbounded key growth derived from span attributes. In high-cardinality scenarios, this could increase process memory usage over time and degrade availability. Details - Introduce a bounded, thread-safe LRU cache for remote endpoints. -...
PT-2026-35933
Name of the Vulnerable Software and Affected Versions OpenTelemetry.Exporter.Zipkin versions prior to 1.15.3 Description The remote endpoint cache in the Zipkin exporter accepts unbounded key growth derived from span attributes. In high-cardinality scenarios—situations where there is a large numb...
EUVD-2025-20090
Malicious code in bioql PyPI...
Sensitive Information Exposure
io.zipkin, zipkin-server is vulnerable to Sensitive Information Exposure. The vulnerability is due to the presence of an unprotected /heapdump endpoint associated with Spring Boot Actuator, which allows an attacker to retrieve memory dumps and potentially extract sensitive data. Note: There is a...
CVE-2025-53602
Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...
io.zipkin:benchmarks (=2.22.1) potentially affected by CVE-2025-53602 via io.zipkin:zipkin-server (=2.22.1)
io.zipkin:zipkin-server MAVEN version =2.22.1 is affected by a known vulnerability. The following packages have a transitive dependency on io.zipkin:zipkin-server and may be impacted: - io.zipkin:benchmarks =2.22.1 Source cves: CVE-2025-53602 Source advisory: SNYK:JAVA-IOZIPKIN-10639631...
io.zipkin:benchmarks (=2.22.1) potentially affected by CVE-2025-53602 via io.zipkin:zipkin-server (=2.22.1)
io.zipkin:zipkin-server MAVEN version =2.22.1 is affected by a known vulnerability. The following packages have a transitive dependency on io.zipkin:zipkin-server and may be impacted: - io.zipkin:benchmarks =2.22.1 Source cves: CVE-2025-53602 Source advisory: OSV:GHSA-794X-8X6X-QPFC...
GHSA-794X-8X6X-QPFC Zipkin Server vulnerable to Insecure Resource Initialization through its /heapdump endpoint
Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...