exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2026-39882

7 дней назад

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled (or a network attacker can mitm the exporter connection). This vulnerability is fixed in 1.43.0.

CVSS3: 5.3

EPSS: Низкий

CVE-2026-39882

7 дней назад

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled (or a network attacker can mitm the exporter connection). This vulnerability is fixed in 1.43.0.

CVSS3: 5.3

EPSS: Низкий

CVE-2026-39882

5 дней назад

OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies

EPSS: Низкий

CVE-2026-39882

7 дней назад

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ...

CVSS3: 5.3

EPSS: Низкий

GHSA-w8rr-5gcm-pp58

7 дней назад

opentelemetry-go: OTLP HTTP exporters read unbounded HTTP response bodies

CVSS3: 5.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2026-39882 OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled (or a network attacker can mitm the exporter connection). This vulnerability is fixed in 1.43.0.	CVSS3: 5.3	0% Низкий	7 дней назад
CVE-2026-39882 OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled (or a network attacker can mitm the exporter connection). This vulnerability is fixed in 1.43.0.	CVSS3: 5.3	0% Низкий	7 дней назад
CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies		0% Низкий	5 дней назад
CVE-2026-39882 OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ...	CVSS3: 5.3	0% Низкий	7 дней назад
GHSA-w8rr-5gcm-pp58 opentelemetry-go: OTLP HTTP exporters read unbounded HTTP response bodies	CVSS3: 5.3	0% Низкий	7 дней назад

Уязвимостей на страницу