RHSA-2026:3427

Vulnerability from csaf_redhat - Published: 2026-02-26 11:02 - Updated: 2026-03-01 20:24
Summary
Red Hat Security Advisory: Red Hat build of OpenTelemetry 3.9.0 release

Notes

Topic
Red Hat build of OpenTelemetry 3.9.0 has been released
Details
This release of the Red Hat build of OpenTelemetry provides new features, security improvements, and bug fixes. Breaking changes: * The deprecated OpenCensus Receiver, which provided backward compatibility with the OpenCensus project for easier migration of instrumented codebases, is removed and is no longer supported. You can use the OpenTelemetry Protocol (OTLP) and OTLP Receiver instead. Deprecations: * The `otlp` name for the OTLP gRPC Exporter in the OpenTelemetry Collector custom resource (CR) is deprecated. Use the `otlp_grpc` name instead. The `otlp` name will be removed in a future release. * The `otlphttp` name for the OTLP HTTP Exporter in the OpenTelemetry Collector custom resource (CR) is deprecated. Use the `otlp_http` name instead. The `otlphttp` name will be removed in a future release. Technology Preview features: * Nothing Enhancements: * The following components, available as a Technology Preview before this update, are fully supported from version 3.9: * Target Allocator * Prometheus Exporter * Prometheus Remote Write Exporter * Filter Processor * Transform Processor * Kubernetes Events Receiver * This update introduces the Metric Start Time Processor. You can use it to add start times to cumulative metrics after the Prometheus Receiver and benefit as follows: Improve historical data analysis by adding start time data for cumulative values. Enable the back end to accurately calculate request rates per minute. Enable threshold-based alerts. * This release upgrades the Red Hat Universal Base Image (UBI) to version 9. * This update adds support for overriding the Operator configuration by using environment variables. * This update adds support for Prometheus scrape classes in the Target Allocator component. * This update changes the configuration of the Kafka Receiver and Kafka Exporter in the OpenTelemetry Collector. The top-level encoding field is now deprecated. With this update, you must set encoding per signal type under logs, metrics, and traces. Use the raw encoding for logs only, because setting it at the top level and applied to all signal types causes a startup failure. For examples, see "Kafka Receiver" and "Kafka Exporter" in the Red Hat build of OpenTelemetry documentation (docs.redhat.com/en/documentation/red_hat_build_of_opentelemetry/latest/html-single/configuring_the_collector/index). Bug fixes: * Before this update, the NGINX and Apache instrumentation init containers were created by cloning the main container's configuration. As a consequence, there were issues with cloned liveness and readiness probes. With this release, the NGINX and Apache instrumentation init containers are defined independently, rather than inheriting inappropriate probe settings from the main container. As a result, issues with cloned liveness and readiness probes no longer occur. * Before this update, the ServiceMonitor for the Operator metrics was not created due to a bug. With this release, the ServiceMonitor for the Operator metrics is created. For more information, see https://issues.redhat.com/browse/TRACING-5919. * CVE-2025-61726: Before this update, a flaw existed in the `net/url` package in the Go standard library. As a consequence, a denial-of-service HTTP request with a massive number of query parameters could cause the application to consume an excessive amount of memory and eventually become unresponsive. This release eliminates this flaw. For more information, see https://access.redhat.com/security/cve/cve-2025-61726. Known issues: * The filesystem scraper does not produce the `system.filesystem.inodes.usage` and `system.filesystem.usage` metrics in the Host Metrics Receiver after upgrading from Collector version 0.142.0 to 0.143.0 or later. No known workaround exists. For more information, see https://issues.redhat.com/browse/TRACING-5963.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat build of OpenTelemetry 3.9.0 has been released",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This release of the Red Hat build of OpenTelemetry provides new features, security improvements, and bug fixes.\n\n\nBreaking changes:\n\n* The deprecated OpenCensus Receiver, which provided backward compatibility with the OpenCensus project for easier migration of instrumented codebases, is removed and is no longer supported. You can use the OpenTelemetry Protocol (OTLP) and OTLP Receiver instead.\n\n\nDeprecations:\n\n* The `otlp` name for the OTLP gRPC Exporter in the OpenTelemetry Collector custom resource (CR) is deprecated. Use the `otlp_grpc` name instead. The `otlp` name will be removed in a future release.\n\n* The `otlphttp` name for the OTLP HTTP Exporter in the OpenTelemetry Collector custom resource (CR) is deprecated. Use the `otlp_http` name instead. The `otlphttp` name will be removed in a future release.\n\n\nTechnology Preview features:\n\n* Nothing\n\n\nEnhancements:\n\n* The following components, available as a Technology Preview before this update, are fully supported from version 3.9:\n\n  * Target Allocator\n  * Prometheus Exporter\n  * Prometheus Remote Write Exporter\n  * Filter Processor\n  * Transform Processor\n  * Kubernetes Events Receiver\n\n* This update introduces the Metric Start Time Processor. You can use it to add start times to cumulative metrics after the Prometheus Receiver and benefit as follows: Improve historical data analysis by adding start time data for cumulative values. Enable the back end to accurately calculate request rates per minute. Enable threshold-based alerts.\n\n* This release upgrades the Red Hat Universal Base Image (UBI) to version 9.\n\n* This update adds support for overriding the Operator configuration by using environment variables.\n\n* This update adds support for Prometheus scrape classes in the Target Allocator component.\n\n* This update changes the configuration of the Kafka Receiver and Kafka Exporter in the OpenTelemetry Collector. The top-level encoding field is now deprecated. With this update, you must set encoding per signal type under logs, metrics, and traces. Use the raw encoding for logs only, because setting it at the top level and applied to all signal types causes a startup failure. For examples, see \"Kafka Receiver\" and \"Kafka Exporter\" in the Red Hat build of OpenTelemetry documentation (docs.redhat.com/en/documentation/red_hat_build_of_opentelemetry/latest/html-single/configuring_the_collector/index).\n\nBug fixes:\n\n* Before this update, the NGINX and Apache instrumentation init containers were created by cloning the main container\u0027s configuration. As a consequence, there were issues with cloned liveness and readiness probes. With this release, the NGINX and Apache instrumentation init containers are defined independently, rather than inheriting inappropriate probe settings from the main container. As a result, issues with cloned liveness and readiness probes no longer occur.\n\n* Before this update, the ServiceMonitor for the Operator metrics was not created due to a bug. With this release, the ServiceMonitor for the Operator metrics is created. For more information, see https://issues.redhat.com/browse/TRACING-5919.\n\n* CVE-2025-61726: Before this update, a flaw existed in the `net/url` package in the Go standard library. As a consequence, a denial-of-service HTTP request with a massive number of query parameters could cause the application to consume an excessive amount of memory and eventually become unresponsive. This release eliminates this flaw. For more information, see https://access.redhat.com/security/cve/cve-2025-61726.\n\n\nKnown issues:\n\n* The filesystem scraper does not produce the `system.filesystem.inodes.usage` and `system.filesystem.usage` metrics in the Host Metrics Receiver after upgrading from Collector version 0.142.0 to 0.143.0 or later. No known workaround exists. For more information, see https://issues.redhat.com/browse/TRACING-5963.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:3427",
        "url": "https://access.redhat.com/errata/RHSA-2026:3427"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
        "url": "https://access.redhat.com/security/cve/CVE-2025-61726"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/red_hat_build_of_opentelemetry",
        "url": "https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/red_hat_build_of_opentelemetry"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3427.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat build of OpenTelemetry 3.9.0 release",
    "tracking": {
      "current_release_date": "2026-03-01T20:24:14+00:00",
      "generator": {
        "date": "2026-03-01T20:24:14+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.2"
        }
      },
      "id": "RHSA-2026:3427",
      "initial_release_date": "2026-02-26T11:02:21+00:00",
      "revision_history": [
        {
          "date": "2026-02-26T11:02:21+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-02-26T11:02:23+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-01T20:24:14+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift distributed tracing 3.9.0",
                "product": {
                  "name": "Red Hat OpenShift distributed tracing 3.9.0",
                  "product_id": "Red Hat OpenShift distributed tracing 3.9.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift distributed tracing"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:299677474d73be959b3b229c7e534c7d1f88aafc5265850c0dcd62874d38a119_amd64",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:299677474d73be959b3b229c7e534c7d1f88aafc5265850c0dcd62874d38a119_amd64",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:299677474d73be959b3b229c7e534c7d1f88aafc5265850c0dcd62874d38a119_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-operator-bundle@sha256%3A299677474d73be959b3b229c7e534c7d1f88aafc5265850c0dcd62874d38a119?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771520786"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:f970e31da49e636dcf93d989cae7b4a0c752d0dea05a3f9fcdcf5b2c6ac5f04e_amd64",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:f970e31da49e636dcf93d989cae7b4a0c752d0dea05a3f9fcdcf5b2c6ac5f04e_amd64",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:f970e31da49e636dcf93d989cae7b4a0c752d0dea05a3f9fcdcf5b2c6ac5f04e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-collector-rhel9@sha256%3Af970e31da49e636dcf93d989cae7b4a0c752d0dea05a3f9fcdcf5b2c6ac5f04e?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771517504"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:35e040b1ef8572a328fdd6ef47080a4ab7283d163692ca512a484532a4baa26d_amd64",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:35e040b1ef8572a328fdd6ef47080a4ab7283d163692ca512a484532a4baa26d_amd64",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:35e040b1ef8572a328fdd6ef47080a4ab7283d163692ca512a484532a4baa26d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-rhel9-operator@sha256%3A35e040b1ef8572a328fdd6ef47080a4ab7283d163692ca512a484532a4baa26d?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771517356"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:2b20f7c4e45efe3b492822550db1160bc36e9834d684a83f869e45e282c2529a_amd64",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:2b20f7c4e45efe3b492822550db1160bc36e9834d684a83f869e45e282c2529a_amd64",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:2b20f7c4e45efe3b492822550db1160bc36e9834d684a83f869e45e282c2529a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-target-allocator-rhel9@sha256%3A2b20f7c4e45efe3b492822550db1160bc36e9834d684a83f869e45e282c2529a?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771517323"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:35e07bd8a1f487a2fcb1f39579d8988a5cd037250a92408e4cf91b14054fa25e_arm64",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:35e07bd8a1f487a2fcb1f39579d8988a5cd037250a92408e4cf91b14054fa25e_arm64",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:35e07bd8a1f487a2fcb1f39579d8988a5cd037250a92408e4cf91b14054fa25e_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-collector-rhel9@sha256%3A35e07bd8a1f487a2fcb1f39579d8988a5cd037250a92408e4cf91b14054fa25e?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771517504"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:a9b078c2d669a38409669a464b5fb5d9003ee8f4d1dd9fce5cbe8f24c1b70ed2_arm64",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:a9b078c2d669a38409669a464b5fb5d9003ee8f4d1dd9fce5cbe8f24c1b70ed2_arm64",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:a9b078c2d669a38409669a464b5fb5d9003ee8f4d1dd9fce5cbe8f24c1b70ed2_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-rhel9-operator@sha256%3Aa9b078c2d669a38409669a464b5fb5d9003ee8f4d1dd9fce5cbe8f24c1b70ed2?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771517356"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:f722ba5871a6c036db161d5ca47c878044e9fe7e31dadcc402c5ed83e5a14b7f_arm64",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:f722ba5871a6c036db161d5ca47c878044e9fe7e31dadcc402c5ed83e5a14b7f_arm64",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:f722ba5871a6c036db161d5ca47c878044e9fe7e31dadcc402c5ed83e5a14b7f_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-target-allocator-rhel9@sha256%3Af722ba5871a6c036db161d5ca47c878044e9fe7e31dadcc402c5ed83e5a14b7f?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771517323"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:aab9d277ecf66ac98e1b582ca559afba360d15bd3695e9b82f4e2975cd94d83e_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:aab9d277ecf66ac98e1b582ca559afba360d15bd3695e9b82f4e2975cd94d83e_ppc64le",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:aab9d277ecf66ac98e1b582ca559afba360d15bd3695e9b82f4e2975cd94d83e_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-collector-rhel9@sha256%3Aaab9d277ecf66ac98e1b582ca559afba360d15bd3695e9b82f4e2975cd94d83e?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771517504"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:68d386236922cc4111eac7fb59828b611e61e4a01d983f55df26474a670852a3_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:68d386236922cc4111eac7fb59828b611e61e4a01d983f55df26474a670852a3_ppc64le",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:68d386236922cc4111eac7fb59828b611e61e4a01d983f55df26474a670852a3_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-rhel9-operator@sha256%3A68d386236922cc4111eac7fb59828b611e61e4a01d983f55df26474a670852a3?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771517356"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:83f2f6c64882fabaac3075cb2c6b3b5ab53aa45dac6e4d93577221a018c592fa_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:83f2f6c64882fabaac3075cb2c6b3b5ab53aa45dac6e4d93577221a018c592fa_ppc64le",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:83f2f6c64882fabaac3075cb2c6b3b5ab53aa45dac6e4d93577221a018c592fa_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-target-allocator-rhel9@sha256%3A83f2f6c64882fabaac3075cb2c6b3b5ab53aa45dac6e4d93577221a018c592fa?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771517323"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7056374735472855598fd8e368b74ce3666e54182549cc54b29abf1927f589f1_s390x",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7056374735472855598fd8e368b74ce3666e54182549cc54b29abf1927f589f1_s390x",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7056374735472855598fd8e368b74ce3666e54182549cc54b29abf1927f589f1_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-collector-rhel9@sha256%3A7056374735472855598fd8e368b74ce3666e54182549cc54b29abf1927f589f1?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771517504"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:25d378e67f1ca2e0731e9e91b0e5b32e25d7a470ccd4c6e9f053b98561cde692_s390x",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:25d378e67f1ca2e0731e9e91b0e5b32e25d7a470ccd4c6e9f053b98561cde692_s390x",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:25d378e67f1ca2e0731e9e91b0e5b32e25d7a470ccd4c6e9f053b98561cde692_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-rhel9-operator@sha256%3A25d378e67f1ca2e0731e9e91b0e5b32e25d7a470ccd4c6e9f053b98561cde692?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771517356"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:8e96cd120adaf28b22e8f9ab8028c4c0d3de04a626b9051b5c5c183832c58e80_s390x",
                "product": {
                  "name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:8e96cd120adaf28b22e8f9ab8028c4c0d3de04a626b9051b5c5c183832c58e80_s390x",
                  "product_id": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:8e96cd120adaf28b22e8f9ab8028c4c0d3de04a626b9051b5c5c183832c58e80_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opentelemetry-target-allocator-rhel9@sha256%3A8e96cd120adaf28b22e8f9ab8028c4c0d3de04a626b9051b5c5c183832c58e80?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1771517323"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:35e07bd8a1f487a2fcb1f39579d8988a5cd037250a92408e4cf91b14054fa25e_arm64 as a component of Red Hat OpenShift distributed tracing 3.9.0",
          "product_id": "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:35e07bd8a1f487a2fcb1f39579d8988a5cd037250a92408e4cf91b14054fa25e_arm64"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:35e07bd8a1f487a2fcb1f39579d8988a5cd037250a92408e4cf91b14054fa25e_arm64",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7056374735472855598fd8e368b74ce3666e54182549cc54b29abf1927f589f1_s390x as a component of Red Hat OpenShift distributed tracing 3.9.0",
          "product_id": "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7056374735472855598fd8e368b74ce3666e54182549cc54b29abf1927f589f1_s390x"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7056374735472855598fd8e368b74ce3666e54182549cc54b29abf1927f589f1_s390x",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:aab9d277ecf66ac98e1b582ca559afba360d15bd3695e9b82f4e2975cd94d83e_ppc64le as a component of Red Hat OpenShift distributed tracing 3.9.0",
          "product_id": "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:aab9d277ecf66ac98e1b582ca559afba360d15bd3695e9b82f4e2975cd94d83e_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:aab9d277ecf66ac98e1b582ca559afba360d15bd3695e9b82f4e2975cd94d83e_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:f970e31da49e636dcf93d989cae7b4a0c752d0dea05a3f9fcdcf5b2c6ac5f04e_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.0",
          "product_id": "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:f970e31da49e636dcf93d989cae7b4a0c752d0dea05a3f9fcdcf5b2c6ac5f04e_amd64"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:f970e31da49e636dcf93d989cae7b4a0c752d0dea05a3f9fcdcf5b2c6ac5f04e_amd64",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:299677474d73be959b3b229c7e534c7d1f88aafc5265850c0dcd62874d38a119_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.0",
          "product_id": "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:299677474d73be959b3b229c7e534c7d1f88aafc5265850c0dcd62874d38a119_amd64"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:299677474d73be959b3b229c7e534c7d1f88aafc5265850c0dcd62874d38a119_amd64",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:25d378e67f1ca2e0731e9e91b0e5b32e25d7a470ccd4c6e9f053b98561cde692_s390x as a component of Red Hat OpenShift distributed tracing 3.9.0",
          "product_id": "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:25d378e67f1ca2e0731e9e91b0e5b32e25d7a470ccd4c6e9f053b98561cde692_s390x"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:25d378e67f1ca2e0731e9e91b0e5b32e25d7a470ccd4c6e9f053b98561cde692_s390x",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:35e040b1ef8572a328fdd6ef47080a4ab7283d163692ca512a484532a4baa26d_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.0",
          "product_id": "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:35e040b1ef8572a328fdd6ef47080a4ab7283d163692ca512a484532a4baa26d_amd64"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:35e040b1ef8572a328fdd6ef47080a4ab7283d163692ca512a484532a4baa26d_amd64",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:68d386236922cc4111eac7fb59828b611e61e4a01d983f55df26474a670852a3_ppc64le as a component of Red Hat OpenShift distributed tracing 3.9.0",
          "product_id": "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:68d386236922cc4111eac7fb59828b611e61e4a01d983f55df26474a670852a3_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:68d386236922cc4111eac7fb59828b611e61e4a01d983f55df26474a670852a3_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:a9b078c2d669a38409669a464b5fb5d9003ee8f4d1dd9fce5cbe8f24c1b70ed2_arm64 as a component of Red Hat OpenShift distributed tracing 3.9.0",
          "product_id": "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:a9b078c2d669a38409669a464b5fb5d9003ee8f4d1dd9fce5cbe8f24c1b70ed2_arm64"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:a9b078c2d669a38409669a464b5fb5d9003ee8f4d1dd9fce5cbe8f24c1b70ed2_arm64",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:2b20f7c4e45efe3b492822550db1160bc36e9834d684a83f869e45e282c2529a_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.0",
          "product_id": "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:2b20f7c4e45efe3b492822550db1160bc36e9834d684a83f869e45e282c2529a_amd64"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:2b20f7c4e45efe3b492822550db1160bc36e9834d684a83f869e45e282c2529a_amd64",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:83f2f6c64882fabaac3075cb2c6b3b5ab53aa45dac6e4d93577221a018c592fa_ppc64le as a component of Red Hat OpenShift distributed tracing 3.9.0",
          "product_id": "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:83f2f6c64882fabaac3075cb2c6b3b5ab53aa45dac6e4d93577221a018c592fa_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:83f2f6c64882fabaac3075cb2c6b3b5ab53aa45dac6e4d93577221a018c592fa_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:8e96cd120adaf28b22e8f9ab8028c4c0d3de04a626b9051b5c5c183832c58e80_s390x as a component of Red Hat OpenShift distributed tracing 3.9.0",
          "product_id": "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:8e96cd120adaf28b22e8f9ab8028c4c0d3de04a626b9051b5c5c183832c58e80_s390x"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:8e96cd120adaf28b22e8f9ab8028c4c0d3de04a626b9051b5c5c183832c58e80_s390x",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:f722ba5871a6c036db161d5ca47c878044e9fe7e31dadcc402c5ed83e5a14b7f_arm64 as a component of Red Hat OpenShift distributed tracing 3.9.0",
          "product_id": "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:f722ba5871a6c036db161d5ca47c878044e9fe7e31dadcc402c5ed83e5a14b7f_arm64"
        },
        "product_reference": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:f722ba5871a6c036db161d5ca47c878044e9fe7e31dadcc402c5ed83e5a14b7f_arm64",
        "relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-61726",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-01-28T20:01:42.791305+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:299677474d73be959b3b229c7e534c7d1f88aafc5265850c0dcd62874d38a119_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2434432"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:35e07bd8a1f487a2fcb1f39579d8988a5cd037250a92408e4cf91b14054fa25e_arm64",
          "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7056374735472855598fd8e368b74ce3666e54182549cc54b29abf1927f589f1_s390x",
          "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:aab9d277ecf66ac98e1b582ca559afba360d15bd3695e9b82f4e2975cd94d83e_ppc64le",
          "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:f970e31da49e636dcf93d989cae7b4a0c752d0dea05a3f9fcdcf5b2c6ac5f04e_amd64",
          "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:25d378e67f1ca2e0731e9e91b0e5b32e25d7a470ccd4c6e9f053b98561cde692_s390x",
          "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:35e040b1ef8572a328fdd6ef47080a4ab7283d163692ca512a484532a4baa26d_amd64",
          "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:68d386236922cc4111eac7fb59828b611e61e4a01d983f55df26474a670852a3_ppc64le",
          "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:a9b078c2d669a38409669a464b5fb5d9003ee8f4d1dd9fce5cbe8f24c1b70ed2_arm64",
          "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:2b20f7c4e45efe3b492822550db1160bc36e9834d684a83f869e45e282c2529a_amd64",
          "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:83f2f6c64882fabaac3075cb2c6b3b5ab53aa45dac6e4d93577221a018c592fa_ppc64le",
          "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:8e96cd120adaf28b22e8f9ab8028c4c0d3de04a626b9051b5c5c183832c58e80_s390x",
          "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:f722ba5871a6c036db161d5ca47c878044e9fe7e31dadcc402c5ed83e5a14b7f_arm64"
        ],
        "known_not_affected": [
          "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:299677474d73be959b3b229c7e534c7d1f88aafc5265850c0dcd62874d38a119_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61726"
        },
        {
          "category": "external",
          "summary": "RHBZ#2434432",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/736712",
          "url": "https://go.dev/cl/736712"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/77101",
          "url": "https://go.dev/issue/77101"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
          "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4341",
          "url": "https://pkg.go.dev/vuln/GO-2026-4341"
        }
      ],
      "release_date": "2026-01-28T19:30:31.215000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-26T11:02:21+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
          "product_ids": [
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:35e07bd8a1f487a2fcb1f39579d8988a5cd037250a92408e4cf91b14054fa25e_arm64",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7056374735472855598fd8e368b74ce3666e54182549cc54b29abf1927f589f1_s390x",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:aab9d277ecf66ac98e1b582ca559afba360d15bd3695e9b82f4e2975cd94d83e_ppc64le",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:f970e31da49e636dcf93d989cae7b4a0c752d0dea05a3f9fcdcf5b2c6ac5f04e_amd64",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:25d378e67f1ca2e0731e9e91b0e5b32e25d7a470ccd4c6e9f053b98561cde692_s390x",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:35e040b1ef8572a328fdd6ef47080a4ab7283d163692ca512a484532a4baa26d_amd64",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:68d386236922cc4111eac7fb59828b611e61e4a01d983f55df26474a670852a3_ppc64le",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:a9b078c2d669a38409669a464b5fb5d9003ee8f4d1dd9fce5cbe8f24c1b70ed2_arm64",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:2b20f7c4e45efe3b492822550db1160bc36e9834d684a83f869e45e282c2529a_amd64",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:83f2f6c64882fabaac3075cb2c6b3b5ab53aa45dac6e4d93577221a018c592fa_ppc64le",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:8e96cd120adaf28b22e8f9ab8028c4c0d3de04a626b9051b5c5c183832c58e80_s390x",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:f722ba5871a6c036db161d5ca47c878044e9fe7e31dadcc402c5ed83e5a14b7f_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:3427"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:35e07bd8a1f487a2fcb1f39579d8988a5cd037250a92408e4cf91b14054fa25e_arm64",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7056374735472855598fd8e368b74ce3666e54182549cc54b29abf1927f589f1_s390x",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:aab9d277ecf66ac98e1b582ca559afba360d15bd3695e9b82f4e2975cd94d83e_ppc64le",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:f970e31da49e636dcf93d989cae7b4a0c752d0dea05a3f9fcdcf5b2c6ac5f04e_amd64",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:299677474d73be959b3b229c7e534c7d1f88aafc5265850c0dcd62874d38a119_amd64",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:25d378e67f1ca2e0731e9e91b0e5b32e25d7a470ccd4c6e9f053b98561cde692_s390x",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:35e040b1ef8572a328fdd6ef47080a4ab7283d163692ca512a484532a4baa26d_amd64",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:68d386236922cc4111eac7fb59828b611e61e4a01d983f55df26474a670852a3_ppc64le",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:a9b078c2d669a38409669a464b5fb5d9003ee8f4d1dd9fce5cbe8f24c1b70ed2_arm64",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:2b20f7c4e45efe3b492822550db1160bc36e9834d684a83f869e45e282c2529a_amd64",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:83f2f6c64882fabaac3075cb2c6b3b5ab53aa45dac6e4d93577221a018c592fa_ppc64le",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:8e96cd120adaf28b22e8f9ab8028c4c0d3de04a626b9051b5c5c183832c58e80_s390x",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:f722ba5871a6c036db161d5ca47c878044e9fe7e31dadcc402c5ed83e5a14b7f_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:35e07bd8a1f487a2fcb1f39579d8988a5cd037250a92408e4cf91b14054fa25e_arm64",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7056374735472855598fd8e368b74ce3666e54182549cc54b29abf1927f589f1_s390x",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:aab9d277ecf66ac98e1b582ca559afba360d15bd3695e9b82f4e2975cd94d83e_ppc64le",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:f970e31da49e636dcf93d989cae7b4a0c752d0dea05a3f9fcdcf5b2c6ac5f04e_amd64",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:299677474d73be959b3b229c7e534c7d1f88aafc5265850c0dcd62874d38a119_amd64",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:25d378e67f1ca2e0731e9e91b0e5b32e25d7a470ccd4c6e9f053b98561cde692_s390x",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:35e040b1ef8572a328fdd6ef47080a4ab7283d163692ca512a484532a4baa26d_amd64",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:68d386236922cc4111eac7fb59828b611e61e4a01d983f55df26474a670852a3_ppc64le",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:a9b078c2d669a38409669a464b5fb5d9003ee8f4d1dd9fce5cbe8f24c1b70ed2_arm64",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:2b20f7c4e45efe3b492822550db1160bc36e9834d684a83f869e45e282c2529a_amd64",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:83f2f6c64882fabaac3075cb2c6b3b5ab53aa45dac6e4d93577221a018c592fa_ppc64le",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:8e96cd120adaf28b22e8f9ab8028c4c0d3de04a626b9051b5c5c183832c58e80_s390x",
            "Red Hat OpenShift distributed tracing 3.9.0:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:f722ba5871a6c036db161d5ca47c878044e9fe7e31dadcc402c5ed83e5a14b7f_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.