
Vulnerability_id VCID-j28b-6m1n-2bdk
Summary
OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics
### Summary

The handler wrapper at https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65 adds the following metric attributes out of the box:

- `http.user_agent`
- `http.method`

Both have unbounded cardinality: every distinct value a client sends becomes a new attribute set, and therefore a new time series, in the metrics pipeline. An attacker who sends many requests with unique values can exhaust the server's memory.

### Details

An attacker can trivially set the HTTP method or the User-Agent header of a request to an arbitrary, long, random string. The library internally uses [httpconv.ServerRequest](https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159), which records every value of the HTTP [method](https://github.com/open-telemetry/opentelemetry-go/blob/38e1b499c3da3107694ad2660b3888eee9c8b896/semconv/internal/v2/http.go#L204) and [User-Agent](https://github.com/open-telemetry/opentelemetry-go/blob/38e1b499c3da3107694ad2660b3888eee9c8b896/semconv/internal/v2/http.go#L223) as-is.

### PoC

Send many requests (e.g. a million) with long, randomly generated HTTP methods and/or User-Agent values, and observe the server's memory consumption grow while they arrive.

### Impact

To be affected, a program has to configure a metrics pipeline, wrap its handlers with [otelhttp.NewHandler](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65), and not filter unknown HTTP methods or User-Agents earlier in the request path (at a CDN, load balancer, preceding middleware, etc.).

### Others

This is similar to previously reported vulnerabilities:
- https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh ([open-telemetry/opentelemetry-go-contrib](https://github.com/open-telemetry/opentelemetry-go-contrib))
- https://github.com/advisories/GHSA-cg3q-j54f-5p7p ([prometheus/client_golang](https://github.com/prometheus/client_golang))

### Workaround for affected versions

Affected versions can work around the issue with [otelhttp.WithFilter()](https://pkg.go.dev/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/filters), but the filter needs careful manual configuration: a request the filter rejects is not instrumented at all, so a misconfigured filter silently drops legitimate requests from telemetry entirely.

For safe default usage of this library, it should label non-standard HTTP methods and User-Agents as `unknown`: such requests are still counted, but they no longer add cardinality. Callers who want the current behaviour should be able to opt into it through the library API.

Another option is to disable HTTP metrics instrumentation entirely by passing the [`otelhttp.WithMeterProvider`](https://pkg.go.dev/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp#WithMeterProvider) option with [`noop.NewMeterProvider`](https://pkg.go.dev/go.opentelemetry.io/otel/metric/noop#NewMeterProvider).
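The attack from the PoC section and the two mitigations discussed above (bounding the attribute values, as the fix does, and rejecting requests with a `WithFilter`-style predicate, as the workaround does) side by side, as an added example in plain Go. This is not code from the opentelemetry-go-contrib project: a map-backed `seriesRegistry` stands in for the metrics SDK, the names `vulnerableAttrs`, `boundedAttrs`, `allowRequest` and `flood` are chosen here, the `_OTHER` sentinel and the 256-byte User-Agent cap are assumptions, and the requests are driven in-process through `httptest.NewRecorder` instead of over the network.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// seriesRegistry stands in for a metrics SDK: each distinct attribute set
// becomes its own time series that stays in memory for the life of the process.
type seriesRegistry struct {
	series map[string]int
}

func newRegistry() *seriesRegistry { return &seriesRegistry{series: map[string]int{}} }

func (s *seriesRegistry) record(attrs string) { s.series[attrs]++ }
func (s *seriesRegistry) count() int         { return len(s.series) }

// vulnerableAttrs mirrors the pre-0.44.0 behaviour described in the advisory:
// the raw method and User-Agent become attributes, so the attacker picks the key.
func vulnerableAttrs(r *http.Request) string {
	return fmt.Sprintf("http.method=%s|http.user_agent=%s", r.Method, r.UserAgent())
}

// knownMethods is the bounded set of values the hardened attribute accepts.
var knownMethods = map[string]bool{
	"GET": true, "HEAD": true, "POST": true, "PUT": true, "DELETE": true,
	"CONNECT": true, "OPTIONS": true, "TRACE": true, "PATCH": true,
}

// boundedAttrs follows the shape of the fix: anything outside the known set
// collapses to one sentinel and the User-Agent is not an attribute at all.
// The "_OTHER" sentinel name is an assumption made for this example.
func boundedAttrs(r *http.Request) string {
	m := r.Method
	if !knownMethods[m] {
		m = "_OTHER"
	}
	return "http.request.method=" + m
}

// allowRequest is a request filter in the func(*http.Request) bool shape that
// otelhttp.WithFilter takes. Returning false means the request is not
// instrumented at all, which is the workaround's trade-off. The 256-byte
// User-Agent cap is an arbitrary choice for this example.
func allowRequest(r *http.Request) bool {
	return knownMethods[r.Method] && len(r.UserAgent()) <= 256
}

// instrument wraps a handler the way a metrics middleware does: derive the
// attribute set, record one observation, then call the next handler.
func instrument(next http.Handler, reg *seriesRegistry, attrs func(*http.Request) string, filter func(*http.Request) bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if filter == nil || filter(r) {
			reg.record(attrs(r))
		}
		next.ServeHTTP(w, r)
	})
}

// randomToken returns 32 hex characters: a valid HTTP token that never
// matches a real method name, so every request carries a fresh value.
func randomToken() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// flood drives n requests with random methods and User-Agents through the
// instrumented handler and returns how many distinct series remain afterwards.
func flood(n int, attrs func(*http.Request) string, filter func(*http.Request) bool) int {
	reg := newRegistry()
	h := instrument(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	}), reg, attrs, filter)

	for i := 0; i < n; i++ {
		req, err := http.NewRequest(randomToken(), "http://example.test/", nil)
		if err != nil {
			panic(err)
		}
		req.Header.Set("User-Agent", randomToken())
		h.ServeHTTP(httptest.NewRecorder(), req)
	}
	return reg.count()
}

func main() {
	const n = 10000
	fmt.Printf("vulnerable attrs:       %d series after %d requests\n", flood(n, vulnerableAttrs, nil), n)
	fmt.Printf("bounded attrs:          %d series after %d requests\n", flood(n, boundedAttrs, nil), n)
	fmt.Printf("bounded attrs + filter: %d series after %d requests\n", flood(n, boundedAttrs, allowRequest), n)
}
```

Running it prints the three series counts: the vulnerable variant grows by one series per request, the bounded variant stays at a single series however many requests arrive, and the filtered variant records nothing for the malicious traffic. That last result is also why the filter needs care: whatever it rejects vanishes from telemetry, including legitimate clients that happen to send an unusual method or an over-long User-Agent.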

### Solution provided by upgrading

In PR https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277, released in package version 0.44.0, the values collected for the `http.request.method` attribute were restricted to a set of well-known values, and other high-cardinality attributes were removed.

### References

- https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277
- https://github.com/open-telemetry/opentelemetry-go-contrib/releases/tag/v1.19.0
Aliases
0
alias CVE-2023-45142
1
alias GHSA-rcjv-mgp8-qvmr
Fixed_packages
0
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=aarch64&distroversion=v3.20&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=aarch64&distroversion=v3.20&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=aarch64&distroversion=v3.20&reponame=community
1
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=x86_64&distroversion=v3.20&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=x86_64&distroversion=v3.20&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=x86_64&distroversion=v3.20&reponame=community
2
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=aarch64&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=aarch64&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=aarch64&distroversion=v3.22&reponame=community
3
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=s390x&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=s390x&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=s390x&distroversion=v3.22&reponame=community
4
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=armhf&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=armhf&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=armhf&distroversion=v3.21&reponame=community
5
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=armv7&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=armv7&distroversion=v3.22&reponame=community
6
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=loongarch64&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=loongarch64&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community
7
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=x86&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=x86&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=x86&distroversion=v3.22&reponame=community
8
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=armhf&distroversion=v3.20&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=armhf&distroversion=v3.20&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=armhf&distroversion=v3.20&reponame=community
9
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=armv7&distroversion=v3.20&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=armv7&distroversion=v3.20&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=armv7&distroversion=v3.20&reponame=community
10
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community
11
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=riscv64&distroversion=v3.20&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=riscv64&distroversion=v3.20&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=riscv64&distroversion=v3.20&reponame=community
12
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=s390x&distroversion=v3.20&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=s390x&distroversion=v3.20&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=s390x&distroversion=v3.20&reponame=community
13
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=x86&distroversion=v3.20&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=x86&distroversion=v3.20&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=x86&distroversion=v3.20&reponame=community
14
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=aarch64&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=aarch64&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=aarch64&distroversion=v3.23&reponame=community
15
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=armhf&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=armhf&distroversion=v3.23&reponame=community
16
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=armv7&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=armv7&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=armv7&distroversion=v3.23&reponame=community
17
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=loongarch64&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=loongarch64&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community
18
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=ppc64le&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=ppc64le&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community
19
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=riscv64&distroversion=v3.23&reponame=community
20
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=s390x&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=s390x&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=s390x&distroversion=v3.23&reponame=community
21
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=x86&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=x86&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=x86&distroversion=v3.23&reponame=community
22
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=x86_64&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=x86_64&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=x86_64&distroversion=v3.23&reponame=community
23
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=aarch64&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=aarch64&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=aarch64&distroversion=v3.21&reponame=community
24
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=armv7&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=armv7&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=armv7&distroversion=v3.21&reponame=community
25
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=loongarch64&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=loongarch64&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community
26
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=ppc64le&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=ppc64le&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=ppc64le&distroversion=v3.21&reponame=community
27
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=riscv64&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=riscv64&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=riscv64&distroversion=v3.21&reponame=community
28
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=s390x&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=s390x&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=s390x&distroversion=v3.21&reponame=community
29
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=x86&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=x86&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=x86&distroversion=v3.21&reponame=community
30
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=x86_64&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=x86_64&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=x86_64&distroversion=v3.21&reponame=community
31
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=armhf&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=armhf&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=armhf&distroversion=v3.22&reponame=community
32
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=ppc64le&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=ppc64le&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community
33
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=riscv64&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=riscv64&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=riscv64&distroversion=v3.22&reponame=community
34
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=x86_64&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=x86_64&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=x86_64&distroversion=v3.22&reponame=community
35
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=aarch64&distroversion=edge&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=aarch64&distroversion=edge&reponame=community
36
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=armhf&distroversion=edge&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=armhf&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=armhf&distroversion=edge&reponame=community
37
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=armv7&distroversion=edge&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=armv7&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=armv7&distroversion=edge&reponame=community
38
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=loongarch64&distroversion=edge&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=loongarch64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=loongarch64&distroversion=edge&reponame=community
39
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=ppc64le&distroversion=edge&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=ppc64le&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=ppc64le&distroversion=edge&reponame=community
40
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=riscv64&distroversion=edge&reponame=community
41
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=s390x&distroversion=edge&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=s390x&distroversion=edge&reponame=community
42
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=x86&distroversion=edge&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=x86&distroversion=edge&reponame=community
43
url pkg:apk/alpine/k3s@1.29.3.1-r0?arch=x86_64&distroversion=edge&reponame=community
purl pkg:apk/alpine/k3s@1.29.3.1-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.29.3.1-r0%3Farch=x86_64&distroversion=edge&reponame=community
44
url pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful@0.44.0
purl pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful@0.44.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful@0.44.0
45
url pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin@0.44.0
purl pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin@0.44.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin@0.44.0
46
url pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux@0.44.0
purl pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux@0.44.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux@0.44.0
47
url pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho@0.44.0
purl pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho@0.44.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho@0.44.0
48
url pkg:golang/go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron@0.44.0
purl pkg:golang/go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron@0.44.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron@0.44.0
49
url pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@0.44.0
purl pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@0.44.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@0.44.0
50
url pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@0.44.0
purl pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@0.44.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@0.44.0
Affected_packages
0
url pkg:rpm/redhat/ceph@2:16.2.10-266?arch=el8cp
purl pkg:rpm/redhat/ceph@2:16.2.10-266?arch=el8cp
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h7qt-3g1f-5ffr
1
vulnerability VCID-j28b-6m1n-2bdk
2
vulnerability VCID-rka6-epua-h7gz
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ceph@2:16.2.10-266%3Farch=el8cp
1
url pkg:rpm/redhat/ceph-ansible@6.0.28.8-1?arch=el8cp
purl pkg:rpm/redhat/ceph-ansible@6.0.28.8-1?arch=el8cp
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h7qt-3g1f-5ffr
1
vulnerability VCID-j28b-6m1n-2bdk
2
vulnerability VCID-rka6-epua-h7gz
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ceph-ansible@6.0.28.8-1%3Farch=el8cp
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45142.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45142.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45142
reference_id
reference_type
scores
0
value 0.01159
scoring_system epss
scoring_elements 0.7861
published_at 2026-04-16T12:55:00Z
1
value 0.01159
scoring_system epss
scoring_elements 0.78581
published_at 2026-04-13T12:55:00Z
2
value 0.01159
scoring_system epss
scoring_elements 0.7859
published_at 2026-04-12T12:55:00Z
3
value 0.01159
scoring_system epss
scoring_elements 0.78608
published_at 2026-04-18T12:55:00Z
4
value 0.01159
scoring_system epss
scoring_elements 0.78583
published_at 2026-04-09T12:55:00Z
5
value 0.01159
scoring_system epss
scoring_elements 0.78551
published_at 2026-04-07T12:55:00Z
6
value 0.01159
scoring_system epss
scoring_elements 0.78577
published_at 2026-04-08T12:55:00Z
7
value 0.01159
scoring_system epss
scoring_elements 0.78569
published_at 2026-04-04T12:55:00Z
8
value 0.01159
scoring_system epss
scoring_elements 0.78538
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45142
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/advisories/GHSA-cg3q-j54f-5p7p
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-cg3q-j54f-5p7p
4
reference_url https://github.com/open-telemetry/opentelemetry-go/blob/38e1b499c3da3107694ad2660b3888eee9c8b896/semconv/internal/v2/http.go#L223
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-telemetry/opentelemetry-go/blob/38e1b499c3da3107694ad2660b3888eee9c8b896/semconv/internal/v2/http.go#L223
5
reference_url https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159
6
reference_url https://github.com/open-telemetry/opentelemetry-go-contrib
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-telemetry/opentelemetry-go-contrib
7
reference_url https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65
8
reference_url https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277
9
reference_url https://github.com/open-telemetry/opentelemetry-go-contrib/releases/tag/v1.19.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-telemetry/opentelemetry-go-contrib/releases/tag/v1.19.0
10
reference_url https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh
11
reference_url https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTRJ54INZG3OC2FTAN6AFB2RYNY2GAD
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTRJ54INZG3OC2FTAN6AFB2RYNY2GAD
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-45142
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-45142
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2245180
reference_id 2245180
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2245180
15
reference_url https://access.redhat.com/errata/RHSA-2023:7197
reference_id RHSA-2023:7197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7197
16
reference_url https://access.redhat.com/errata/RHSA-2023:7198
reference_id RHSA-2023:7198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7198
17
reference_url https://access.redhat.com/errata/RHSA-2023:7469
reference_id RHSA-2023:7469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7469
18
reference_url https://access.redhat.com/errata/RHSA-2023:7470
reference_id RHSA-2023:7470
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7470
19
reference_url https://access.redhat.com/errata/RHSA-2023:7555
reference_id RHSA-2023:7555
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7555
20
reference_url https://access.redhat.com/errata/RHSA-2023:7599
reference_id RHSA-2023:7599
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7599
21
reference_url https://access.redhat.com/errata/RHSA-2023:7663
reference_id RHSA-2023:7663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7663
22
reference_url https://access.redhat.com/errata/RHSA-2023:7681
reference_id RHSA-2023:7681
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7681
23
reference_url https://access.redhat.com/errata/RHSA-2023:7682
reference_id RHSA-2023:7682
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7682
24
reference_url https://access.redhat.com/errata/RHSA-2023:7831
reference_id RHSA-2023:7831
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7831
25
reference_url https://access.redhat.com/errata/RHSA-2024:0050
reference_id RHSA-2024:0050
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0050
26
reference_url https://access.redhat.com/errata/RHSA-2024:0204
reference_id RHSA-2024:0204
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0204
27
reference_url https://access.redhat.com/errata/RHSA-2024:0641
reference_id RHSA-2024:0641
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0641
28
reference_url https://access.redhat.com/errata/RHSA-2024:0642
reference_id RHSA-2024:0642
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0642
29
reference_url https://access.redhat.com/errata/RHSA-2024:0660
reference_id RHSA-2024:0660
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0660
30
reference_url https://access.redhat.com/errata/RHSA-2024:0766
reference_id RHSA-2024:0766
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0766
31
reference_url https://access.redhat.com/errata/RHSA-2024:0833
reference_id RHSA-2024:0833
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0833
32
reference_url https://access.redhat.com/errata/RHSA-2024:1328
reference_id RHSA-2024:1328
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1328
33
reference_url https://access.redhat.com/errata/RHSA-2024:1859
reference_id RHSA-2024:1859
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1859
34
reference_url https://access.redhat.com/errata/RHSA-2024:2773
reference_id RHSA-2024:2773
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2773
35
reference_url https://access.redhat.com/errata/RHSA-2024:4118
reference_id RHSA-2024:4118
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4118
36
reference_url https://access.redhat.com/errata/RHSA-2024:5433
reference_id RHSA-2024:5433
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5433
37
reference_url https://access.redhat.com/errata/RHSA-2024:6236
reference_id RHSA-2024:6236
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6236
38
reference_url https://access.redhat.com/errata/RHSA-2024:6811
reference_id RHSA-2024:6811
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6811
39
reference_url https://access.redhat.com/errata/RHSA-2024:7921
reference_id RHSA-2024:7921
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7921
Weaknesses
0
cwe_id 770
name Allocation of Resources Without Limits or Throttling
description The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Exploits
Severity_range_score 7.0 - 8.9
Exploitability 0.5
Weighted_severity 8.0
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j28b-6m1n-2bdk