
12 matches found

OSV
added 2026/05/18 8:12 p.m. · 2 views

GHSA-FJQ3-FFVR-VM46 OpenTelemetry eBPF Instrumentation: Java TLS ioctl kprobe allows kernel memory disclosure

Summary: The Java TLS ioctl probe reads user-controlled ioctl pointers with bpf_probe_read instead of bpf_probe_read_user. An instrumented local process can therefore point OBI at kernel memory and cause that memory to be copied into telemetry. Details: The vulnerable path is in...

3.8 CVSS · 5.8 AI score · 0.00012 EPSS
Exploits 1 · References 2
NVD
added 2026/03/27 1:16 a.m. · 3 views

CVE-2026-33701

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and...

9.8 CVSS · 0.00214 EPSS
Exploits 1 · References 3
ATTACKERKB
added 2026/03/27 12:1 a.m. · 2 views

CVE-2026-33701

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and...

9.3 CVSS · 6.6 AI score · 0.00214 EPSS
Exploits 1 · References 4 · Affected Software 1
CNNVD
added 2026/03/27 12:0 a.m. · 3 views

OpenTelemetry Instrumentation for Java Code Issue Vulnerability

OpenTelemetry Instrumentation for Java is an open-source Java proxy JAR developed by OpenTelemetry. There were code-related vulnerabilities in versions of OpenTelemetry Instrumentation for Java prior to 2.26.1. These vulnerabilities stemmed from the fact that custom endpoints registered by RMI...

9.8 CVSS · 6.1 AI score · 0.00214 EPSS
Exploits 1 · References 3
Github Security Blog
added 2026/03/26 5:22 p.m. · 3 views

splunk-otel-javaagent: Unsafe deserialization in RMI instrumentation may lead to Remote Code Execution

In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. An attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this to potentially achieve remote code execution. Al...

6.6 AI score
Exploits 0 · References 3 · Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-43649

Malicious code in bioql PyPI...

6.5 CVSS · 6.6 AI score · 0.00231 EPSS
Exploits 1 · References 3
Prion
added 2023/08/08 10:15 p.m. · 15 views

Input validation

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email...

4 CVSS · 6.4 AI score · 0.00231 EPSS
Exploits 1 · References 3 · Affected Software 1
Vulnrichment
added 2023/08/08 9:2 p.m. · 13 views

CVE-2023-39951 Instrumentation for AWS SDK v2 captures email content when using Amazon Simple Email Service (SES) v1 API, exposing that content to the telemetry backend

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email...

6.5 CVSS · 6.4 AI score · 0.00231 EPSS
Exploits 1 · References 3
Cvelist
added 2023/08/08 9:2 p.m. · 17 views

CVE-2023-39951 Instrumentation for AWS SDK v2 captures email content when using Amazon Simple Email Service (SES) v1 API, exposing that content to the telemetry backend

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email...

6.5 CVSS · 6.5 AI score · 0.00231 EPSS
Exploits 1 · References 3
Positive Technologies
added 2023/08/08 12:0 a.m. · 1 views

PT-2023-27169 · Amazon · Aws Sdk +1

Name of the Vulnerable Software and Affected Versions: OpenTelemetry Java Instrumentation versions prior to 1.28.0. Description: The issue is related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email Service SES v1 API. When SES POST requests are instrumente...

6.5 CVSS · 6.3 AI score · 0.00231 EPSS
Exploits 1 · References 8
CNNVD
added 2023/08/08 12:0 a.m. · 1 views

OpenTelemetry Instrumentation for Java Information Disclosure Vulnerability

OpenTelemetry Instrumentation for Java is an OpenTelemetry open source Java agent JAR. An information disclosure vulnerability exists in OpenTelemetry Instrumentation for Java prior to version 1.28.0, which stems from the fact that when detecting a SES POST request, the request's query parameter ...

6.5 CVSS · 6.2 AI score · 0.00231 EPSS
Exploits 1 · References 5
ThreatPost
added 2010/12/06 7:35 p.m. · 20 views

Researcher Releases JavaSnoop Java-Analysis Tool

Java has long been one of the more widely used–and widely criticized–technologies on the Web. It’s used virtually everywhere and roundly panned by security researchers for its security shortcomings. Now, a researcher has released a new tool, called JavaSnoop, that’s designed to help people better...

Exploits 0 · References 3