Unknown · Opentelemetry-Go Contrib · CVE-2023-25151
**Name of the Vulnerable Software and Affected Versions**
opentelemetry-go-contrib version 0.38.0 (the affected range, 0.38.0 through 0.38.0, contains only this single release)
**Description**
The issue is a denial of service caused by unbounded memory growth when an instrumented server handles requests whose query strings are constantly changing (for example, random). The `httpconv.ServerRequest` function sets the `http.target` attribute value to the whole request URI, query string included. Under `cumulative` temporality, the metric instruments never release previously recorded attribute sets, so the number of measurements held in memory grows one-for-one with the number of unique URIs handled. Memory allocation therefore increases without bound, which can be exploited to cause a denial of service.
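A toy model of the cardinality growth described above, added here as an example and not code from the opentelemetry-go-contrib project: `counter` stands in for a cumulative or delta instrument keyed only by `http.target`, the `/api/items?id=<i>` traffic is constructed, and `TargetPathOnly` is an assumed bounding approach (strip the query string), not a description of the project's own fix.

```go
package main

import (
	"fmt"
	"strings"
)

// counter is a toy stand-in for an Int64Counter keyed by the http.target attribute
// value alone (constructed for this example, not the SDK's type).
type counter struct {
	cumulative bool
	points     map[string]int64
}

func (c *counter) add(target string) { c.points[target]++ }

// collect returns the number of attribute sets held at export time: delta
// temporality resets the map, cumulative keeps every set ever recorded.
func (c *counter) collect() int {
	n := len(c.points)
	if !c.cumulative {
		c.points = map[string]int64{}
	}
	return n
}

// TargetFullURI mirrors the vulnerable behaviour: the attribute is the whole
// request URI, so each distinct query string mints a new attribute set.
func TargetFullURI(requestURI string) string { return requestURI }

// TargetPathOnly drops the query string (an assumed bounding approach, not the project's fix).
func TargetPathOnly(requestURI string) string { return strings.SplitN(requestURI, "?", 2)[0] }

// Simulate records n requests to /api/items?id=<i> (constructed traffic), exports
// every `interval` requests, and returns the peak attribute-set count seen.
func Simulate(n, interval int, cumulative bool, target func(string) string) int {
	c := &counter{cumulative: cumulative, points: map[string]int64{}}
	peak := 0
	for i := 1; i <= n; i++ {
		c.add(target(fmt.Sprintf("/api/items?id=%d", i)))
		if i%interval == 0 {
			if got := c.collect(); got > peak {
				peak = got
			}
		}
	}
	return peak
}

// prints: 1000 1 (full URI under cumulative temporality vs. path only)
func main() { fmt.Println(Simulate(1000, 100, true, TargetFullURI), Simulate(1000, 100, true, TargetPathOnly)) }
```

Switching the same full-URI instrument to delta temporality caps the retained sets at one export interval (100 here), which is why the page ties the unbounded growth specifically to `cumulative`.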
**Recommendations**
Users of opentelemetry-go-contrib version 0.38.0 should upgrade to version 0.39.0, which addresses the issue. No workarounds are known.