3 matches found
Elastic OTel Java 1.10.0 Security Update (ESA-2026-22 / GHSA-xw7x-h9fj-p2c7)
Dependency on Vulnerable Third-Party Component in Elastic OTel Java Leading to Remote Code Execution Dependency on Vulnerable Third-Party Component CWE-1395 exists in Elastic OTel Java via a dependency on OpenTelemetry Java instrumentation library. This vulnerability could allow an attacker to...
CVE-2026-33701
OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and...
io.opentelemetry.javaagent.instrumentation:opentelemetry-javaagent-lettuce-5.0 (=0.14.0), io.opentelemetry.javaagent.instrumentation:opentelemetry-javaagent-lettuce-5.1 (=0.14.0) +3 more potentially affected by CVE-2026-33701 via io.opentelemetry.javaagent.instrumentation:opentelemetry-javaagent (=0.14.0)
io.opentelemetry.javaagent.instrumentation:opentelemetry-javaagent MAVEN version =0.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on io.opentelemetry.javaagent.instrumentation:opentelemetry-javaagent and may be impacted: -...