Open-Telemetry Opentelemetry-Go-Contrib vulnerabilities
3 known vulnerabilities affecting open-telemetry/opentelemetry-go-contrib.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3
Vulnerabilities
CVE-2023-47108 | HIGH | CVSS 7.5 | CWE-770 | versions >= 0.37.0, < 0.46.0 | 2023-11-10
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious
nvd
CVE-2023-45142 | HIGH | CVSS 7.5 | CWE-770 | fixed in 0.44.0 | 2023-10-12
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can b
nvd
CVE-2023-25151 | HIGH | CVSS 7.5 | CWE-400 | versions >= 0.38.0, < 0.39.0 | 2023-02-08
opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` uses the `httpconv.ServerRequest` function to annotate metric measurements for the `http.server.request_content_length`, `http.server.response_content_length`, and `http.server.duration` ins
nvd