Lucene search
+L

opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking

🗓️ 08 Apr 2026 19:22:12Reported by GitHub Advisory DatabaseType 
github
 github
🔗 github.com👁 20 Views

Fix BSD kenv usage by using an absolute path to prevent PATH hijacking in OpenTelemetry host ID.

Related
Detection
Refs
ReporterTitlePublishedViews
Family
OSV
MINI-H982-C6JV-GHP2
1 Jul 202623:43
osv
OSV
MINI-H995-3J6R-VFGQ
21 Jun 202620:38
osv
OSV
MINI-HC79-495G-F4QF
14 Apr 202602:45
osv
OSV
MINI-HCJP-QF74-XPJ8
9 Apr 202614:31
osv
OSV
MINI-HCRC-828P-H9XV
4 Mar 202620:00
osv
OSV
MINI-HFM3-4J82-2896
3 Jul 202613:32
osv
OSV
MINI-HG2W-4PGH-WR5G
17 Mar 202612:15
osv
OSV
MINI-HG89-JVQP-942C
10 Apr 202608:47
osv
OSV
MINI-HGC7-CC56-P3HJ
13 May 202614:47
osv
OSV
MINI-HGFW-353Q-5QH3
7 Jun 202615:45
osv
Rows per page
Vulners
Node
otelsdkRange1.15.01.42.0go

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

09 Apr 2026 14:29Current
6Medium risk
Vulners AI Score6
CVSS 3.17 - 8.8
CVSS 47.3
EPSS0.0022
SSVC
20