Version: latest

CVE-2023-47108

CVE Details

CVE-2023-47108

Last Update

8/16/2024

NIST CVE Summary

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent.

Our Official Summary

CVE exists in vsphere-csi 3.2.0, and kube-controller-manaer version 1.28.11. Impacts all vsphere clusters. There is no workaround.

CVE Severity

7.5

Status

Ongoing

Affected Products & Versions

Palette VerteX 4.4.11
Palette VerteX 4.4.14

Revision History

1.0 07/16/2024 Initial Publication
2.0 08/16/2024 Added palette VerteX 4.4.14 to Affected Products

CVE Details​

Last Update​

NIST CVE Summary​

Our Official Summary​

CVE Severity​

Status​

Affected Products & Versions​

Revision History​