Vulnerabilidades en open-telemetry
44 resultadosCVE-2026-41310MEDIUMOpenTelemetry .NET Zipkin exporter has unbounded remote endpoint cache leading to memory growthEPSS 0.3%CVE-2026-42348MEDIUMOpAMP client reads unbounded HTTP response bodiesEPSS 0.3%CVE-2026-40182MEDIUMOpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodiesEPSS 0.3%CVE-2026-41173MEDIUMUnbounded HTTP response body read in OpenTelemetry.Sampler.AWSEPSS 0.3%CVE-2024-32028MEDIUMSensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCoreEPSS 0.3%CVE-2026-45681MEDIUMOpenTelemetry eBPF Instrumentation: CPU-mismatch fallback uses 256-byte buffer with 8KB sizeEPSS 0.3%CVE-2026-54285MEDIUMopentelemetry-js: Unbounded memory allocation in W3C Baggage propagationEPSS 0.2%CVE-2026-41178MEDIUMOpenTelemetry-Go's baggage parsing no longer caps raw header lengthEPSS 0.2%CVE-2026-41078MEDIUMOpenTelemetry dotnet: Potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion pathEPSS 0.2%CVE-2026-42602HIGHazureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replayEPSS 0.2%CVE-2026-45679MEDIUMOpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messagesEPSS 0.2%CVE-2026-44213MEDIUMOpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configuredEPSS 0.2%CVE-2026-44967MEDIUMopentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP responseEPSS 0.2%CVE-2026-39883HIGHOpenTelemetry-Go has an incomplete fix for CVE-2026-24051: BSD kenv command not using absolute path enables PATH hijackingEPSS 0.2%CVE-2026-41433HIGHOpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIREPSS 0.2%CVE-2026-40891MEDIUMOpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handlingEPSS 0.2%CVE-2026-39882MEDIUMOpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodiesEPSS 0.2%CVE-2026-45683LOWOpenTelemetry eBPF Instrumentation: Java TLS ioctl kprobe allows kernel memory disclosureEPSS 0.2%CVE-2026-45684MEDIUMOpenTelemetry eBPF Instrumentation: Log enricher writev path can overread and overwrite user buffersEPSS 0.2%CVE-2026-45287LOWOpenTelemetry-Go's Schema ParseFile leaks file descriptors on each parseEPSS 0.2%