Common Vulnerabilities and Exposures
This is a list of reported Common Vulnerabilities and Exposures (CVEs) across all repositories in the OpenTelemetry organization on GitHub. The raw data is stored in the sig-security repository, and it is refreshed daily.
CVE ID | Issue Summary | Severity | Repository |
---|---|---|---|
CVE-2024-36129 | Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC | high | opentelemetry-collector |
CVE-2024-32028 | OpenTelemetry.Instrumentation.Http & OpenTelemetry.Instrumentation.AspNetCore packages log potentially sensitive query string parameters by default | medium | opentelemetry-dotnet |
CVE-2023-47108 | DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics | high | opentelemetry-go-contrib |
CVE-2023-39951 | Instrumentation for AWS SDK v2 captures email content when using Amazon Simple Email Service (SES) v1 API, exposing that content to the telemetry backend | medium | opentelemetry-java-instrumentation |
CVE-2023-38704 | Unsanitized user controlled input in module generation | high | opentelemetry-js |