Lucene search
K

3 matches found

Elastic
Elastic
added 2026/03/30 2:17 p.m.11 views

Elastic OTel Java 1.10.0 Security Update (ESA-2026-22 / GHSA-xw7x-h9fj-p2c7)

Dependency on Vulnerable Third-Party Component in Elastic OTel Java Leading to Remote Code Execution Dependency on Vulnerable Third-Party Component CWE-1395 exists in Elastic OTel Java via a dependency on OpenTelemetry Java instrumentation library. This vulnerability could allow an attacker to...

9.8CVSS6.5AI score0.00933EPSS
Exploits1
NVD
NVD
added 2026/03/27 1:16 a.m.9 views

CVE-2026-33701

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and...

9.8CVSS0.00933EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2026/03/26 5:22 p.m.7 views

io.opentelemetry.javaagent.instrumentation:opentelemetry-javaagent-lettuce-5.0 (=0.14.0), io.opentelemetry.javaagent.instrumentation:opentelemetry-javaagent-lettuce-5.1 (=0.14.0) +3 more potentially affected by CVE-2026-33701 via io.opentelemetry.javaagent.instrumentation:opentelemetry-javaagent (=0.14.0)

io.opentelemetry.javaagent.instrumentation:opentelemetry-javaagent MAVEN version =0.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on io.opentelemetry.javaagent.instrumentation:opentelemetry-javaagent and may be impacted: -...

9.8CVSS5.8AI score0.00933EPSS
Exploits1
Rows per page
Query Builder