Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Network-delivered, no auth required, no user interaction; availability impact is Low because Node.js HTTP defaults naturally bound most deployments.
Primary rating from Vendor (https://github.com/open-telemetry/opentelemetry-js).
CVSS VectorVendor: https://github.com/open-telemetry/opentelemetry-js
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
2Blast Radius
ecosystem impact- 904 npm packages depend on @opentelemetry/core (286 direct, 618 indirect)
Ecosystem-wide dependent count for version 2.8.0.
DescriptionCVE.org
Overview
W3CBaggagePropagator.extract() in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were only enforced on the outbound (inject()) path, not on the inbound (extract()) path. Parsing oversized baggage causes memory allocation proportional to the header size without any cap.
Impact
The practical availability impact for most Node.js deployments is limited. Node.js enforces a default --max-http-header-size of 16,384 bytes on the total combined size of all HTTP headers, constraining what an external attacker can deliver before the propagator is reached. Additionally, the header is already in memory (parsed by the HTTP layer) by the time it reaches the propagator - the additional allocation is the overhead of splitting into entry objects, not an unbounded read.
The risk is higher when transport-layer limits are absent - e.g., non-HTTP transports (messaging systems, custom TextMapGetter implementations) or deployments that have raised --max-http-header-size.
Remediation
Update @opentelemetry/core to version 2.8.0 or later. The fix enforces limits consistent with the W3C Baggage specification at the propagator level:
- Maximum total baggage size: 8,192 bytes
- Maximum number of entries: 180
- Maximum per-entry size: 4,096 bytes
Headers that exceed these limits are truncated at the point the limit is reached.
Workarounds
Ensure header size limits are configured at the server or gateway level. The default Node.js HTTP header limit (16 KB) mitigates external attack vectors independently of this fix. For non-HTTP transports receiving baggage from untrusted sources, validate input size before passing it to the propagator.
References
- W3C Baggage Specification - Limits
- opentelemetry-java: GHSA-rcgg-9c38-7xpx
- opentelemetry-go: GHSA-mh2q-q3fh-2475
Credit
Reported by tonghuaroot.
AnalysisAI
Unbounded memory allocation in @opentelemetry/core affects the W3CBaggagePropagator.extract() method, which fails to enforce W3C Baggage specification size limits (8,192 bytes, 180 entries) on the inbound parsing path - only the outbound inject() path was protected. Unauthenticated remote attackers can exploit this to cause partial availability degradation by sending oversized baggage headers, with elevated risk in non-HTTP transport contexts (messaging systems, custom TextMapGetter implementations) where Node.js's native 16 KB header cap does not apply. No public exploit code or CISA KEV listing exists; the CVSS 5.3 Medium score reflects the real-world constraint imposed by Node.js defaults on the dominant HTTP deployment pattern.
Technical ContextAI
The W3C Baggage specification (https://www.w3.org/TR/baggage/#limits) defines recommended caps - 8,192 bytes total, 180 entries, 4,096 bytes per entry - to prevent resource exhaustion during context propagation. The @opentelemetry/core npm package implements the W3CBaggagePropagator interface for distributed tracing context propagation. Prior to version 2.8.0, the extract() method parsed inbound baggage headers into entry objects without enforcing these caps, causing memory allocation that scales linearly with header size. CWE-770 (Allocation of Resources Without Limits or Throttling) precisely characterizes the root cause: the parser consumed attacker-controlled input without bounding object creation. The affected CPE is pkg:npm/@opentelemetry/core versions before 2.8.0. Parallel advisories exist for opentelemetry-java (GHSA-rcgg-9c38-7xpx) and opentelemetry-go (GHSA-mh2q-q3fh-2475), indicating this is a cross-ecosystem design gap in the OpenTelemetry propagation layer.
RemediationAI
Upgrade @opentelemetry/core to version 2.8.0 or later, which enforces W3C Baggage specification limits at the propagator level: maximum total baggage size of 8,192 bytes, maximum 180 entries, and maximum 4,096 bytes per entry, with truncation applied at the point a limit is reached. The advisory is at https://github.com/open-telemetry/opentelemetry-js/security/advisories/GHSA-8988-4f7v-96qf. For teams unable to patch immediately, ensure the Node.js HTTP server is running with the default --max-http-header-size of 16,384 bytes (do not raise this value); this limits external HTTP attack surface but does not protect non-HTTP transports. For services consuming baggage over non-HTTP transports (messaging queues, gRPC, custom TextMapGetter implementations), validate and cap the raw baggage string length before passing it to extract() as a compensating control - note this requires application-level changes and adds latency to the propagation path.
FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t
Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38321
GHSA-8988-4f7v-96qf