VYPR

OpenTelemetry Dotnet Contrib

by OpenTelemetry

CVEs (9)

  • CVE-2026-44213 | Med | May 26, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    OpenTelemetry.Exporter.Instana exports telemetry to an Instana back-end. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate that HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using…

  • CVE-2026-42348 | Med | May 12, 2026
    risk 0.31 | cvss 5.9 | epss 0.00

    OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes…

  • CVE-2026-41483 | Med | May 6, 2026
    risk 0.31 | cvss 5.9 | epss 0.00

    OpenTelemetry.Resources.Azure is the .NET resource detector for Azure environments. In versions 1.15.0-beta.1 and earlier, the AzureVmMetaDataRequestor class makes HTTP requests to the Azure VM instance metadata service and reads the response body into memory without any size…

  • CVE-2026-41173 | Med | Apr 23, 2026
    risk 0.31 | cvss 5.9 | epss 0.00

    The AWS X-Ray Remote Sampler package provides a sampler which can get sampling configurations from AWS X-Ray. Prior to 0.1.0-alpha.8, OpenTelemetry.Sampler.AWS reads unbounded HTTP response bodies from a configured AWS X-Ray remote sampling endpoint into memory. …

  • CVE-2026-41484 | Med | May 6, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    OpenTelemetry.Exporter.OneCollector is a .NET exporter that sends telemetry to a OneCollector back-end over HTTP. In versions 1.15.0 and earlier, when a request to the configured back-end or collector results in an unsuccessful HTTP 4xx or 5xx response, the HttpJsonPostTransport…

  • CVE-2023-47108 | Nov 10, 2023
    risk 0.00 | cvss | epss 0.02

    OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound…

  • CVE-2023-45142 | Oct 12, 2023
    risk 0.00 | cvss | epss 0.01

    OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious…

  • CVE-2023-43810 | Oct 6, 2023
    risk 0.00 | cvss | epss 0.01

    OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, logs. Autoinstrumentation out of the box adds the label `http_method` that has…

  • CVE-2023-25151 | Feb 8, 2023
    risk 0.00 | cvss | epss 0.01

    opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` uses the `httpconv.ServerRequest` function to annotate metric measurements for the…