VYPR

Go modules package

go.opentelemetry.io/otel

pkg:golang/go.opentelemetry.io/otel

Vulnerabilities (1)

  • CVE-2026-29181HigApr 7, 2026
    affected >= 1.36.0, < 1.41.0fixed 1.41.0

    OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many bagg