org.springframework.cloud:spring-cloud-sleuth-instrumentation@3.1.10
latest version
3.1.11
first published
5 years ago
latest version published
2 years ago
licenses detected
- [3.0.0,)
package registry
Direct Vulnerabilities
Known vulnerabilities in the org.springframework.cloud:spring-cloud-sleuth-instrumentation package. This does not include vulnerabilities belonging to this package’s dependencies.
Fix vulnerabilities automatically
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Spring TX (transaction) instrumentation classes in this package. A remote user can issue calls that drive the transaction instrumentation to allocate resources without limits or throttling, resulting in a denial-of-service (DoS) condition. Note: Spring Cloud Sleuth is end-of-life and has been superseded by Micrometer Tracing; the open source repository was archived on May 28, 2026, and no public fix commit exists. The fixed version 3.1.14 is available under Spring Enterprise Support only and is not published to Maven Central, where open source releases end at 3.1.11. How to fix Allocation of Resources Without Limits or Throttling? There is no fixed version for | [0,) |