What are you really trying to do?
When scanning Docker image of my project with Trivy, one issue is raised: CVE-2026-48504
Describe the bug
====================================================================================
Total: 1 (MEDIUM: 1, HIGH: 0, CRITICAL: 0)
┌───────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├───────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────┤
│ opentelemetry_sdk │ CVE-2026-48504 │ MEDIUM │ fixed │ 0.31.0 │ 0.32.1 │ opentelemetry_sdk has unbounded memory allocation in W3C │
│ │ │ │ │ │ │ Baggage propagation │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2026-48504 │
└───────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────┘
Environment/Versions
Using temporalio 1.29.0
Additional context
The version 0.32.1 of opentelemetry_sdk solves this security issue.
What are you really trying to do?
When scanning Docker image of my project with Trivy, one issue is raised: CVE-2026-48504
Describe the bug
Environment/Versions
Using temporalio 1.29.0
Additional context
The version 0.32.1 of opentelemetry_sdk solves this security issue.