CVE-2023-45142
CVE Details
Last Update
7/16/2024
NIST CVE Summary
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.user_agent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it.
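The following is an added example, not code from OpenTelemetry-Go Contrib or from this advisory. It models a metric store keyed by the two labels named above and compares copying request values verbatim with mapping them onto a fixed set. The type and function names, the method allow-list and the "_OTHER" placeholder are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
)

// labelKey identifies one metric series; every distinct value pair
// becomes a new entry that the process keeps in memory.
type labelKey struct{ Method, UserAgent string }

// knownMethods is the fixed set of method label values (assumed allow-list).
var knownMethods = map[string]bool{
	"GET": true, "HEAD": true, "POST": true, "PUT": true, "PATCH": true,
	"DELETE": true, "CONNECT": true, "OPTIONS": true, "TRACE": true,
}

// RawLabels copies request-controlled values straight into the label set,
// so the number of series is bounded only by what clients send.
func RawLabels(r *http.Request) labelKey {
	return labelKey{Method: r.Method, UserAgent: r.UserAgent()}
}

// BoundedLabels folds unknown methods into one placeholder value and
// leaves the User-Agent out of the label set entirely.
func BoundedLabels(r *http.Request) labelKey {
	if !knownMethods[r.Method] {
		return labelKey{Method: "_OTHER"}
	}
	return labelKey{Method: r.Method}
}

// Simulate records n constructed requests, each with a unique method and
// User-Agent, and returns how many series the store ends up holding.
func Simulate(n int, label func(*http.Request) labelKey) int {
	series := map[labelKey]int{} // constructed stand-in for a metric instrument
	for i := 0; i < n; i++ {
		r := &http.Request{Method: fmt.Sprintf("M%d", i), Header: http.Header{}}
		r.Header.Set("User-Agent", fmt.Sprintf("agent-%d", i))
		series[label(r)]++
	}
	return len(series)
}

func main() {
	fmt.Println("raw labels:    ", Simulate(1000, RawLabels), "series")
	fmt.Println("bounded labels:", Simulate(1000, BoundedLabels), "series")
}
```

With raw labels the series count grows one-for-one with the number of distinct requests; with bounded labels it cannot exceed the size of the allow-list plus one.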
Our Official Summary
The CVE exists in k8s version 1.28.11. For customer workload clusters, the workaround is to use k8s version 1.29+. For the Palette Self Hosted cluster, a future release will upgrade to 1.29+.
CVE Severity
Status
Ongoing