CRE-2025-0028

OpenTelemetry Python fails to detach context token across async boundariesLow

Impact: 6/10

Mitigation: 1/10

CRE-2025-0028View on GitHub

OpentelemetryPythonContextvarsAsyncObservabilityPublic

Description

In OpenTelemetry Python, detaching a context token that was created in a different context can raise a `ValueError`. This occurs when asynchronous operations, such as generators or coroutines, are finalized in a different context than they were created, leading to context management errors and potential trace data loss.

Mitigation

- Ensure that context tokens are detached in the same context they were created. - Use `contextlib.aclosing()` to manage asynchronous generators properly. - Upgrade to a version of OpenTelemetry Python where this issue is addressed. '

References

• https://github.com/open-telemetry/opentelemetry-python/issues/2606
• https://github.com/python/cpython/issues/118944