Vulnerability Report: GO-2023-2113
- CVE-2023-45142, GHSA-rcjv-mgp8-qvmr
- Affects: go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful, go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin, and 5 more
- Published: Oct 16, 2023
- Modified: May 20, 2024
Memory exhaustion in go.opentelemetry.io/contrib/instrumentation
For detailed information about this vulnerability, visit https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr.
Affected Packages
-
PathGo VersionsSymbols
-
before v0.44.0
-
before v0.44.0
-
before v0.44.0
-
before v0.44.0
-
before v0.44.0
-
before v0.44.0
-
before v0.44.0
1 unexported affected symbols
- middleware.serveHTTP
Aliases
References
- https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr
- https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277
- https://vuln.go.dev/ID/GO-2023-2113.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.