Advisories for Npm/@Opentelemetry/Auto-Instrumentations-Node package

2026

Prometheus exporter process crash via malformed HTTP request

A single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint (default 0.0.0.0:9464) has no error handling around URL parsing, so a request with an invalid URI raises an uncaught TypeError that terminates the process. You are affected by this vulnerability if either of the following applies to your application:
you directly use @opentelemetry/exporter-prometheus in your code through its built-in server;
your OTEL_METRICS_EXPORTER …