CRE-2025-0028
OpenTelemetry Python fails to detach context token across async boundaries
Low | Impact: 6/10 | Mitigation: 1/10
Description
In OpenTelemetry Python, detaching a context token that was created in a different context can raise a `ValueError`. This occurs when asynchronous operations, such as generators or coroutines, are finalized in a different context than they were created, leading to context management errors and potential trace data loss.
Cause
The issue arises when a context token is reset in a context other than the one in which it was created, violating the expectations of Python's `contextvars` module. This is common in asynchronous workflows where the lifecycle of context tokens spans multiple contexts.
Mitigation
- Ensure that context tokens are detached in the same context they were created.
- Use `contextlib.aclosing()` to manage asynchronous generators properly.
- Upgrade to a version of OpenTelemetry Python where this issue is addressed.