GCVE - cpe:2.3:a:opentelemetry:opentelemetry

Approved changes feed: RSS · Atom

cpe:2.3:a:opentelemetry:opentelemetry_collector:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Opentelemetry (`39d78cb4-5c3d-536d-a86d-5fcb2abd36d8`)
Product	Opentelemetry Collector (`44288d61-9857-54c8-ab70-8eb69228c136`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/open-telemetry/opentelemetry-collector`	purl2cpe	2026-06-01 10:13:47.631930
`pkg:golang/github.com/open-telemetry/opentelemetry-collector`	purl2cpe	2026-06-01 10:13:47.631931

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-36129`	vulnerable	2026-06-03 14:56:03.615727	OpenTelemetry Collector has a Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC HIGH (8.2) The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue. It is also fixed in the confighttp module version 0.102.0 and configgrpc module version 0.102.1. Published: 2024-06-05T17:26:13.903Z Updated: 2024-08-02T03:30:13.165Z Open on db.gcve.eu Reference links https://github.com/open-telemetry/opentelemetry-collector/security/advisories/GHSA-c74f-6mfw-mm4v https://github.com/open-telemetry/opentelemetry-collector/pull/10289 https://github.com/open-telemetry/opentelemetry-collector/pull/10323 https://opentelemetry.io/blog/2024/cve-2024-36129	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.