Vulnerability	Vulnerable Version
H Uncontrolled Resource Consumption ('Resource Exhaustion') opentelemetry-instrumentation is a This package provides a couple of commands that help automatically instruments a program. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') when the `http_method` label is used due to its unbound cardinality. An attacker can potentially exhaust the server's memory by sending numerous malicious requests. Note: This is only exploitable if the program is instrumented for HTTP handlers and does not filter any unknown HTTP methods at the level of CDN, LB, previous middleware, etc. How to fix Uncontrolled Resource Consumption ('Resource Exhaustion')? Upgrade `opentelemetry-instrumentation` to version 0.41b0 or higher.	[,0.41b0)

Uncontrolled Resource Consumption ('Resource Exhaustion')

opentelemetry-instrumentation is a This package provides a couple of commands that help automatically instruments a program.

Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') when the http_method label is used due to its unbound cardinality. An attacker can potentially exhaust the server's memory by sending numerous malicious requests.

Note:

This is only exploitable if the program is instrumented for HTTP handlers and does not filter any unknown HTTP methods at the level of CDN, LB, previous middleware, etc.

How to fix Uncontrolled Resource Consumption ('Resource Exhaustion')?

Upgrade opentelemetry-instrumentation to version 0.41b0 or higher.

[,0.41b0)

Go back to all versions of this package