VYPR

Opentelemetry Dotnet

by Opentelemetry

Source repositories

CVEs (4)

  • CVE-2025-27513HigMar 5, 2025
    risk 0.42cvss 7.5epss 0.00

    OpenTelemetry dotnet is a dotnet telemetry framework. A vulnerability in OpenTelemetry.Api package 1.10.0 to 1.11.1 could cause a Denial of Service (DoS) when a tracestate and traceparent header is received. Even if an application does not explicitly use trace context…

  • CVE-2026-42191MedMay 12, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP (OpenTelemetry Protocol) exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath() when…

  • CVE-2026-41310MedMay 6, 2026
    risk 0.27cvss 5.3epss 0.00

    OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for…

  • CVE-2024-32028MedApr 12, 2024
    risk 0.20cvss 4.1epss 0.00

    OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions of `OpenTelemetry.Instrumentation.Http` and `OpenTelemetry.Instrumentation.AspNetCore` the `url.full` writes attribute/tag on spans (`Activity`) when tracing is enabled for outgoing http requests and…