go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp

Go2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting go.opentelemetry.io/contrib/instrumentation/net/http/otelhttppage 1 of 1

CVE-2023-25151HIGHCVSS 7.5EG 7.5✓ Fixed in 0.39.0
2023-02-08
opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` uses the `httpconv.ServerRequest` function to annotate metric measurements …
CVE-2023-45142HIGHCVSS 7.5EG 7.5✓ Fixed in 0.44.0
2023-10-12
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memor…

Check whether go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp CVEs against the assets you own.

Start Free Scan →