CNNVD-202601-2982 Information
CNNVD ID
CNNVD-202601-2982
Related CVE
- CNNVD Published: 2026-01-19
Description (Chinese)
Swift W3C TraceContext是Swift OTel开源的一个微型库。 Swift W3C TraceContext 1.0.0-beta.5之前版本和Swift OTel 1.0.4之前版本存在输入验证错误漏洞,该漏洞源于输入验证不当,可能导致远程攻击者通过格式错误的HTTP标头使服务崩溃。
Description (English)
Swift W3C TraceContext is a microbank of Swift Otel Open Source. The previous version of Swift W3C TraceContext 1.0.0-beta.5 and previous versions of Swift Otel 1.0.4 had input-validation bugs, which stemmed from inappropriate input-certification and could lead to a breakdown of services by remote attackers through the wrong format HTTP header.
Hazard Level
High
Vulnerability Type
输入验证错误
Affected Vendor
Swift OTel
Published
2026-01-19
Last Modified
2026-02-24
References
https://github.com/swift-otel/swift-w3c-trace-context/releases/tag/1.0.0-beta.5 https://github.com/swift-otel/swift-otel/releases/tag/1.0.4 https://github.com/swift-otel/swift-w3c-trace-context/security/advisories/GHSA-mvpq-2v8x-ww6g https://github.com/swift-otel/swift-w3c-trace-context/commit/5da9b143ba6046734de3fa51dafea28290174e4e https://access.redhat.com/security/cve/cve-2026-23886
Patch
https://github.com/swift-otel/swift-w3c-trace-context/releases
Share on: