Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/80970?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80970?format=api", "vulnerability_id": "VCID-jndd-511q-v7bp", "summary": "OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spans could experience avoidable memory growth under sustained unique remote endpoint values, increasing process memory usage over time and degrading availability. This issue is fixed in version 1.15.3, which introduces a bounded, thread-safe LRU cache for remote endpoints with a fixed maximum size.", "aliases": [ { "alias": "CVE-2026-41310" }, { "alias": "GHSA-88hf-wf7h-7w4m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373613?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.15.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.15.3" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1030224?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.0.0-rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.0.0-rc2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030225?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.0.0-rc3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.0.0-rc3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030226?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.0.0-rc4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.0.0-rc4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030227?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030228?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.1.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.1.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030229?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.1.0-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.1.0-beta2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030230?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.1.0-beta3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.1.0-beta3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030231?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.1.0-beta4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.1.0-beta4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030232?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.1.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.1.0-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030233?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030234?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.2.0-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.2.0-alpha2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030235?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.2.0-alpha3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.2.0-alpha3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030236?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.2.0-alpha4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.2.0-alpha4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030237?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.2.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.2.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030238?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.2.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.2.0-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030239?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.2.0-rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.2.0-rc2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030240?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.2.0-rc3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.2.0-rc3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030241?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.2.0-rc4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.2.0-rc4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030242?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.2.0-rc5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.2.0-rc5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030243?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030244?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030245?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030246?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030247?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030248?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030249?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030250?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030251?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030252?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030253?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030254?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030255?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.10.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030256?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.11.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030257?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030258?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.11.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.11.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030259?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.12.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030260?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.13.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.13.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030261?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.13.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.13.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030262?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.14.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.14.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030263?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.15.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.15.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030264?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.15.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.15.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1030265?format=api", "purl": "pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.15.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jndd-511q-v7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/OpenTelemetry.Exporter.Zipkin@1.15.2" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41310", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04706", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04699", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04719", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0472", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41310" }, { "reference_url": "https://github.com/open-telemetry/opentelemetry-dotnet", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/open-telemetry/opentelemetry-dotnet" }, { "reference_url": "https://github.com/open-telemetry/opentelemetry-dotnet/commit/c724f4bd6fd88e9a599af1668bf7af9487155b62", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/open-telemetry/opentelemetry-dotnet/commit/c724f4bd6fd88e9a599af1668bf7af9487155b62" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41310", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41310" }, { "reference_url": "https://github.com/open-telemetry/opentelemetry-dotnet/pull/7081", "reference_id": "7081", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:18:40Z/" } ], "url": "https://github.com/open-telemetry/opentelemetry-dotnet/pull/7081" }, { "reference_url": "https://github.com/advisories/GHSA-88hf-wf7h-7w4m", "reference_id": "GHSA-88hf-wf7h-7w4m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-88hf-wf7h-7w4m" }, { "reference_url": "https://github.com/open-telemetry/opentelemetry-dotnet/security/advisories/GHSA-88hf-wf7h-7w4m", "reference_id": "GHSA-88hf-wf7h-7w4m", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:18:40Z/" } ], "url": "https://github.com/open-telemetry/opentelemetry-dotnet/security/advisories/GHSA-88hf-wf7h-7w4m" } ], "weaknesses": [ { "cwe_id": 400, "name": "Uncontrolled Resource Consumption", "description": "The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources." }, { "cwe_id": 770, "name": "Allocation of Resources Without Limits or Throttling", "description": "The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jndd-511q-v7bp" }