VYPR

Opentelemetry Js

by Opentelemetry

Source repositories

CVEs (2)

  • CVE-2026-44902HigMay 27, 2026
    risk 0.49cvss 7.5epss 0.00

    opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint (default 0.0.0.0:9464) has no error handling around URL parsing, so a…

  • CVE-2026-54285Jun 15, 2026
    risk 0.00cvss epss 0.00

    ## Overview `W3CBaggagePropagator.extract()` in `@opentelemetry/core` does not enforce size limits when parsing inbound `baggage` HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were only enforced on the outbound…