Linux Foundation Opentelemetry Go Contrib
By the Year
In 2024 there have been 0 vulnerabilities in Linux Foundation Opentelemetry Go Contrib . Last year Opentelemetry Go Contrib had 1 security vulnerability published. Right now, Opentelemetry Go Contrib is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 7.50 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Opentelemetry Go Contrib vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Linux Foundation Opentelemetry Go Contrib Security Vulnerabilities
opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go
CVE-2023-25151
7.5 - High
- February 08, 2023
opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` uses the `httpconv.ServerRequest` function to annotate metric measurements for the `http.server.request_content_length`, `http.server.response_content_length`, and `http.server.duration` instruments. The `ServerRequest` function sets the `http.target` attribute value to be the whole request URI (including the query string)[^1]. The metric instruments do not "forget" previous measurement attributes when `cumulative` temporality is used, this means the cardinality of the measurements allocated is directly correlated with the unique URIs handled. If the query string is constantly random, this will result in a constant increase in memory allocation that can be used in a denial-of-service attack. This issue has been addressed in version 0.39.0. Users are advised to upgrade. There are no known workarounds for this issue.
Resource Exhaustion
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Linux Foundation Opentelemetry Go Contrib or by Linux Foundation? Click the Watch button to subscribe.
