INFSA-2025:3411: opentelemetry-collector security update
Information about definition
Identificator: INFSA-2025:3411
Type: security
Release date: 2025-04-29 14:04:06 UTC
Information about package
Collector with the supported components for a Red Hat build of OpenTelemetry
Vulnerabilities description
- CVE-2025-30204
A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-30204
|
no information | 7.5 | no information |
Updated packages