VDB
GO-2023-2331
GO-2023-2331
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Denial of service in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
Risk Scores
CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| go.opentelemetry.io | contrib/instrumentation/google.golang.org/grpc/otelgrpc | 0.37.0, 0.37.0 |
Timeline
- Jun 27, 2024 CVE Published
- Feb 4, 2026 CVE Updated
References
- https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-8pgv-569h-w5rw advisory
- https://github.com/open-telemetry/opentelemetry-go-contrib/commit/b44dfc9092b157625a5815cb437583cee663333b patch
- https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4322 patch
- https://pkg.go.dev/go.opentelemetry.io/otel/metric/noop#NewMeterProvider url