VDB
GO-2024-2900
GO-2024-2900
PUBLISHED
CVSS 6.900000095367432 MEDIUM
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC in go.opentelemetry.io/collector/config/configgrpc
Risk Scores
CVSS v4.0
6.900000095367432
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| go.opentelemetry.io | collector/config/configgrpc | 0, 0 |
| go.opentelemetry.io | collector/config/confighttp | 0, 0 |
Timeline
- Jun 14, 2024 CVE Published
- Feb 4, 2026 CVE Updated
References
- https://github.com/open-telemetry/opentelemetry-collector/security/advisories/GHSA-c74f-6mfw-mm4v advisory
- https://github.com/open-telemetry/opentelemetry-collector/pull/10289 patch
- https://github.com/open-telemetry/opentelemetry-collector/pull/10323 patch
- https://opentelemetry.io/blog/2024/cve-2024-36129 url