Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Vulnerability reported with otelgrpc. Is there a plan to upgrade this specific lib in the upcoming release? #3844

Open
kartkaru-orcl opened this issue Nov 27, 2024 · 0 comments
Open

Security Vulnerability reported with otelgrpc. Is there a plan to upgrade this specific lib in the upcoming release? #3844

kartkaru-orcl opened this issue Nov 27, 2024 · 0 comments
Labels
kind/question Categorizes issue related to a new question

Comments

@kartkaru-orcl
Copy link

Please describe your problem in detail

We are currently using the latest 1.10.0 release. We got caught in a vulnerability scan which reports an issue with the module go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc.
Kindly fix this vulnerability. Please let me know when we can expect this to be fixed.

Security description:
High Vulnerability found in non-os package type (go-module) - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc(cvss_v3_base_score=7.5)(GHSA-8pgv-569h-w5rw - GHSA-8pgv-569h-w5rw). otelgrpc DoS vulnerability due to unbound cardinality metrics Package paths: /usr/local/bin/vc-webhook-manager

Advisory Link: GHSA-8pgv-569h-w5rw

Any other relevant information

No response
@kartkaru-orcl kartkaru-orcl added the kind/question Categorizes issue related to a new question label Nov 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/question Categorizes issue related to a new question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kartkaru-orcl