Filtered by vendor Opentelemetry
Subscriptions
Filtered by product Opentelemetry-java
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-45292 | 1 Opentelemetry | 3 Opentelemetry-java, Opentelemetry.api, Opentelemetry.extensions.propagators | 2026-05-30 | 5.3 Medium |
| opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators. Parsing oversized baggage causes unbounded memory allocation and CPU consumption. Because baggage is automatically re-injected into every outgoing request, the effect can fan out to downstream services that never received the original malicious request. This vulnerability is fixed in 1.62.0. | ||||
Page 1 of 1.