OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.
History

Wed, 18 Dec 2024 02:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:multicluster_engine:2.6::el8
cpe:/a:redhat:multicluster_engine:2.6::el9

Sat, 07 Dec 2024 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat multicluster Engine
CPEs cpe:/a:redhat:multicluster_engine:2.7::el8
cpe:/a:redhat:multicluster_engine:2.7::el9
Vendors & Products Redhat multicluster Engine

Fri, 06 Sep 2024 13:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.10::el9

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-11-10T18:31:33.730Z

Updated: 2024-09-03T17:26:56.850Z

Reserved: 2023-10-30T19:57:51.673Z

Link: CVE-2023-47108

cve-icon Vulnrichment

Updated: 2024-08-02T21:01:22.674Z

cve-icon NVD

Status : Modified

Published: 2023-11-10T19:15:16.410

Modified: 2024-11-21T08:29:47.600

Link: CVE-2023-47108

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-11-10T00:00:00Z

Links: CVE-2023-47108 - Bugzilla