{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-14T00:22:00.137","vulnerabilities":[{"cve":{"id":"CVE-2023-43810","sourceIdentifier":"security-advisories@github.com","published":"2023-10-06T14:15:12.267","lastModified":"2024-11-21T08:24:49.610","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, logs. Autoinstrumentation out of the box adds the label `http_method` that has unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. HTTP method for requests can be easily set by an attacker to be random and long. In order to be affected program has to be instrumented for HTTP handlers and does not filter any unknown HTTP methods on the level of CDN, LB, previous middleware, etc. This issue has been patched in version 0.41b0."},{"lang":"es","value":"OpenTelemetry, también conocido como OTel para abreviar, es un framework de observabilidad de código abierto, independiente del proveedor, para instrumentar, generar, recopilar y exportar datos de telemetría, como seguimientos, métricas y registros. La instrumentación automática lista para usar agrega la etiqueta `http_method` que tiene cardinalidad ilimitada. Conduce al posible agotamiento de la memoria del servidor cuando se envían muchas peticiones maliciosas. Un atacante puede configurar fácilmente el método HTTP para solicitudes para que sea aleatorio y largo. Para verse afectado, el programa debe estar instrumentado para controladores HTTP y no filtrar ningún método HTTP desconocido en el nivel de CDN, LB, middleware anterior, etc. Este problema se solucionó en la versión 0.41b0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:opentelemetry:opentelemetry:*:*:*:*:*:*:*:*","versionEndExcluding":"0.41b0","matchCriteriaId":"A42C146C-19B1-44AE-94AB-9947D465623B"}]}]}],"references":[{"url":"https://github.com/open-telemetry/opentelemetry-python-contrib/commit/6007e0c013071e7f8b9612d3bc68aeb9d600d74e","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/open-telemetry/opentelemetry-python-contrib/releases/tag/v0.41b0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/open-telemetry/opentelemetry-python-contrib/security/advisories/GHSA-5rv5-6h4r-h22v","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/open-telemetry/opentelemetry-python-contrib/commit/6007e0c013071e7f8b9612d3bc68aeb9d600d74e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/open-telemetry/opentelemetry-python-contrib/releases/tag/v0.41b0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://github.com/open-telemetry/opentelemetry-python-contrib/security/advisories/GHSA-5rv5-6h4r-h22v","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}