VDB
BIT-opentelemetry-collector-2024-36129
BIT-opentelemetry-collector-2024-36129
PUBLISHED
CVSS 7.5 HIGH
OpenTelemetry Collector has a Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | opentelemetry-collector | 0, 0, 0 |
Timeline
- Nov 10, 2025 CVE Published
- Nov 10, 2025 CVE Updated
References
- https://github.com/open-telemetry/opentelemetry-collector/pull/10289 url
- https://github.com/open-telemetry/opentelemetry-collector/pull/10323 url
- https://github.com/open-telemetry/opentelemetry-collector/security/advisories/GHSA-c74f-6mfw-mm4v url
- https://nvd.nist.gov/vuln/detail/CVE-2024-36129 url
- https://opentelemetry.io/blog/2024/cve-2024-36129 url