Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3Blast Radius
ecosystem impact- 45 npm packages depend on @opentelemetry/auto-instrumentations-node (34 direct, 12 indirect)
- 227 npm packages depend on @opentelemetry/exporter-prometheus (7 direct, 220 indirect)
- 224 npm packages depend on @opentelemetry/sdk-node (90 direct, 138 indirect)
Ecosystem-wide dependent count for version 0.75.0 and other introduced versions.
DescriptionGitHub Advisory
Summary
A single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint (default 0.0.0.0:9464) has no error handling around URL parsing, so a request with an invalid URI causes an uncaught TypeError that terminates the process.
You are affected by this vulnerability if either of the following apply to your application:
- you directly use
@opentelemetry/exporter-prometheusin your code through its built-in server. - your
OTEL_METRICS_EXPORTERenvironment variable includesprometheusAND - you use
@opentelemetry/sdk-node - you use
@opentelemetry/auto-instrumentations-nodevia--require @opentelemetry/auto-instrumentations-node/register/--import @opentelemetry/auto-instrumentations-node/register
Impact
Denial of service. Any application using the OpenTelemetry Prometheus exporter’s built-in server can be crashed by a single unauthenticated network packet sent to the metrics port. No authentication, special privileges, or prior access is required.
Remediation
Update to the fixed version
Update @opentelemetry/exporter-prometheus and @opentelemetry/sdk-node to version 0.217.0 or later. Update @opentelemetry/auto-instrumentations-node to version 0.75.0 or later.
This release adds proper error handling around the URL constructor, returning an HTTP 400 response on parse failure rather than allowing the exception to propagate and crash the process.
npm install @opentelemetry/exporter-prometheus@latestDo Not Expose the Endpoint to Untrusted Users
> [!IMPORTANT] > The following mitigations reduce exposure but do not fully remediate the vulnerability. Any client that *can* reach the metrics endpoint - including your own Prometheus scraper host if compromised - could still trigger the crash. Updating to 0.217.0 is the recommended resolution.
If updating is not immediately feasible, restrict access to the metrics endpoint so that it is not reachable by untrusted or unauthenticated network clients. For example:
- Bind to localhost only by setting the
hostoption to127.0.0.1when configuring thePrometheusExporter, so the port is not exposed on public or shared network interfaces - Use a firewall or network policy to restrict access to port
9464(or whichever port you have configured) to only trusted Prometheus scrape hosts - Place the endpoint behind a reverse proxy that filters or validates incoming requests before they reach the exporter
Details
In PrometheusExporter.ts, the _requestHandler calls new URL(request.url, this._baseUrl) without any error handling. Node's HTTP parser accepts absolute-form URIs (e.g. http://) for proxy compatibility, including malformed ones. When request.url is "http://", the URL constructor throws TypeError: Invalid URL. Since there is no try-catch in the handler, the exception propagates as an uncaught exception and crashes the process.
The Prometheus metrics endpoint is unauthenticated by design (Prometheus scrapes it) and binds to 0.0.0.0 by default, meaning it is reachable by any network client that can connect to the metrics port.
Proof of Concept
Start any Node.js application with the Prometheus exporter running on the default port 9464, then send a single raw TCP packet:
echo -ne 'GET http:// HTTP/1.1\r\nHost: localhost\r\n\r\n' | nc localhost 9464The process crashes immediately with:
TypeError: Invalid URL
at new URL (...)
at PrometheusExporter._requestHandler (...)AnalysisAI
Remote unauthenticated attackers can crash Node.js applications running the OpenTelemetry Prometheus exporter by sending a single malformed HTTP request to the metrics endpoint (default port 9464). The vulnerability exists in @opentelemetry/exporter-prometheus versions prior to 0.217.0, where missing error handling around URL parsing causes an uncaught TypeError when processing invalid URIs, terminating the entire Node.js process. The metrics endpoint binds to 0.0.0.0 by default and requires no authentication, making exploitation trivial for any network-accessible attacker. Publicly available exploit code exists (one-line netcat command demonstrated in vendor advisory). No active exploitation confirmed at time of analysis, though the attack complexity is minimal (CVSS AC:L) and the impact severe for production observability infrastructure.
Technical ContextAI
OpenTelemetry is a vendor-neutral observability framework that collects application metrics, traces, and logs. The Prometheus exporter component exposes metrics via HTTP for scraping by Prometheus monitoring systems. This vulnerability stems from CWE-755 (Improper Handling of Exceptional Conditions) in the PrometheusExporter._requestHandler function. Node.js HTTP servers accept absolute-form request URIs (e.g., 'GET http://host/path HTTP/1.1') for HTTP proxy compatibility per RFC 7230. The exporter code passes request.url directly to JavaScript's URL constructor without try-catch blocks. When an attacker sends a malformed absolute URI like 'GET http:// HTTP/1.1', the URL constructor throws TypeError: Invalid URL. Because Node.js treats uncaught exceptions in HTTP request handlers as fatal errors by default, the exception propagates to the event loop and terminates the process with exit code 1. The affected packages include @opentelemetry/exporter-prometheus (core exporter), @opentelemetry/sdk-node (SDK that instantiates exporters based on OTEL_METRICS_EXPORTER environment variable), and @opentelemetry/auto-instrumentations-node (auto-instrumentation wrapper). All three packages share the vulnerable URL parsing code path when Prometheus metrics export is enabled.
RemediationAI
Update affected npm packages to patched versions: @opentelemetry/exporter-prometheus to 0.217.0 or later, @opentelemetry/sdk-node to 0.217.0 or later, and @opentelemetry/auto-instrumentations-node to 0.75.0 or later using 'npm install @opentelemetry/exporter-prometheus@latest @opentelemetry/sdk-node@latest @opentelemetry/auto-instrumentations-node@latest'. The patched releases add try-catch error handling around the URL constructor, returning HTTP 400 Bad Request responses for malformed URIs instead of crashing the process. If immediate patching is not feasible, implement network-level compensating controls with the following trade-offs: (1) Bind metrics endpoint to localhost only by setting host option to '127.0.0.1' in PrometheusExporter configuration - prevents remote exploitation but requires Prometheus scraper to run on same host or use SSH tunneling, complicating distributed monitoring architectures. (2) Restrict port 9464 access via firewall rules to only trusted Prometheus scraper IP addresses - reduces attack surface but does not eliminate risk if scraper host is compromised or if internal network contains malicious actors. (3) Deploy reverse proxy (nginx, Envoy) in front of metrics endpoint with request validation - adds architectural complexity, introduces single point of failure, and incurs latency penalty for metrics collection. Vendor explicitly warns these mitigations 'reduce exposure but do not fully remediate' the vulnerability. Detailed remediation guidance at https://github.com/open-telemetry/opentelemetry-js/security/advisories/GHSA-q7rr-3cgh-j5r3.
FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t
Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32538
GHSA-q7rr-3cgh-j5r3