{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T00:19:05.705","vulnerabilities":[{"cve":{"id":"CVE-2025-27513","sourceIdentifier":"security-advisories@github.com","published":"2025-03-05T19:15:39.337","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OpenTelemetry dotnet is a dotnet telemetry framework. A vulnerability in OpenTelemetry.Api package 1.10.0 to 1.11.1 could cause a Denial of Service (DoS) when a tracestate and traceparent header is received. Even if an application does not explicitly use trace context propagation, receiving these headers can still trigger high CPU usage. This issue impacts any application accessible over the web or backend services that process HTTP requests containing a tracestate header. Application may experience excessive resource consumption, leading to increased latency, degraded performance, or downtime. This vulnerability is fixed in 1.11.2."},{"lang":"es","value":"OpenTelemetry dotnet es un framework de telemetría de dotnet. Una vulnerabilidad en el paquete OpenTelemetry.Api 1.10.0 a 1.11.1 podría provocar una denegación de servicio (DoS) cuando se recibe un encabezado tracestate y traceparent. Incluso si una aplicación no utiliza explícitamente la propagación del contexto de seguimiento, la recepción de estos encabezados puede provocar un alto uso de la CPU. Este problema afecta a cualquier aplicación accesible a través de la web o servicios de backend que procesen solicitudes HTTP que contengan un encabezado tracestate. La aplicación puede experimentar un consumo excesivo de recursos, lo que genera mayor latencia, rendimiento degradado o tiempo de inactividad. Esta vulnerabilidad se solucionó en 1.11.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/open-telemetry/opentelemetry-dotnet/commit/1b555c1201413f2f55f2cd3c4ba03ef4b615b6b5","source":"security-advisories@github.com"},{"url":"https://github.com/open-telemetry/opentelemetry-dotnet/security/advisories/GHSA-8785-wc3w-h8q6","source":"security-advisories@github.com"}]}}]}