blob: 851b44f8b0a627fc4ccdcf3b16a2b6b30aab0e4b [file] [log] [blame]
id: GO-2023-2113
modules:
- module: go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful
versions:
- fixed: 0.44.0
vulnerable_at: 0.43.0
packages:
- package: go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconvutil
symbols:
- httpConv.proto
derived_symbols:
- HTTPClientRequest
- HTTPServerRequest
- httpConv.ClientRequest
- httpConv.ServerRequest
- module: go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin
versions:
- fixed: 0.44.0
vulnerable_at: 0.43.0
packages:
- package: go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconvutil
symbols:
- httpConv.proto
derived_symbols:
- HTTPClientRequest
- HTTPServerRequest
- httpConv.ClientRequest
- httpConv.ServerRequest
- module: go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux
versions:
- fixed: 0.44.0
vulnerable_at: 0.43.0
packages:
- package: go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux/internal/semconvutil
symbols:
- httpConv.proto
derived_symbols:
- HTTPClientRequest
- HTTPServerRequest
- httpConv.ClientRequest
- httpConv.ServerRequest
- module: go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho
versions:
- fixed: 0.44.0
vulnerable_at: 0.43.0
packages:
- package: go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho/internal/semconvutil
symbols:
- httpConv.proto
derived_symbols:
- HTTPClientRequest
- HTTPServerRequest
- httpConv.ClientRequest
- httpConv.ServerRequest
- module: go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron
versions:
- fixed: 0.44.0
vulnerable_at: 0.43.0
packages:
- package: go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron/internal/semconvutil
symbols:
- httpConv.proto
derived_symbols:
- HTTPClientRequest
- HTTPServerRequest
- httpConv.ClientRequest
- httpConv.ServerRequest
- module: go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace
versions:
- fixed: 0.44.0
vulnerable_at: 0.43.0
packages:
- package: go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace/internal/semconvutil
symbols:
- httpConv.proto
derived_symbols:
- HTTPClientRequest
- HTTPServerRequest
- httpConv.ClientRequest
- httpConv.ServerRequest
- module: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
versions:
- fixed: 0.44.0
vulnerable_at: 0.43.0
packages:
- package: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
symbols:
- middleware.serveHTTP
summary: Memory exhaustion in go.opentelemetry.io/contrib/instrumentation
cves:
- CVE-2023-45142
ghsas:
- GHSA-rcjv-mgp8-qvmr
references:
- advisory: https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr
- fix: https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277