漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
Vulnerability Description
OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled (or a network attacker can mitm the exporter connection). This vulnerability is fixed in 1.43.0.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未经控制的内存分配
Vulnerability Title
OpenTelemetry-Go 安全漏洞
Vulnerability Description
OpenTelemetry-Go是OpenTelemetry - CNCF开源的一个开发者工具包。 OpenTelemetry-Go 1.43.0之前版本存在安全漏洞,该漏洞源于未限制响应体大小,可能导致内存耗尽。
CVSS Information
N/A
Vulnerability Type
N/A