Homepage
About Snyk

opentelemetry-instrumentation@0.34b0 vulnerabilities

Instrumentation Tools & Auto Instrumentation for OpenTelemetry Python

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the opentelemetry-instrumentation package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Uncontrolled Resource Consumption ('Resource Exhaustion')

opentelemetry-instrumentation is a This package provides a couple of commands that help automatically instruments a program.

Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') when the http_method label is used due to its unbound cardinality. An attacker can potentially exhaust the server's memory by sending numerous malicious requests.

Note:

This is only exploitable if the program is instrumented for HTTP handlers and does not filter any unknown HTTP methods at the level of CDN, LB, previous middleware, etc.

How to fix Uncontrolled Resource Consumption ('Resource Exhaustion')?

Upgrade opentelemetry-instrumentation to version 0.41b0 or higher.

[,0.41b0)
Go back to all versions of this package