9 matches found
CVE-2026-33728
dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to 1.60.2, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access ...
CVE-2026-33728 dd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code execution
dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to 1.60.2, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access ...
CVE-2026-33728
dd-trace-java (Datadog APM for Java) versions 0.40.0 through before 1.60.2 contain an unsafe RMI instrumentation endpoint that deserializes data without serialization filters. On JDK 16 and earlier, an attacker with network access to a configured JMX/RMI port on an instrumented JVM could potentia...
CVE-2026-33728 dd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code execution
dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to 1.60.2, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access ...
CVE-2026-33701 OpenTelemetry: Unsafe Deserialization in RMI Instrumentation may Lead to Remote Code Execution
OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and...
CVE-2026-33701
OpenTelemetry Java instrumentation (opentelemetry-javaagent) contains an unsafe deserialization flaw in its RMI integration prior to version 2.26.1. If the agent is attached on a JDK 16 or earlier, and an RMI/JMX port is network-reachable with a gadget-chain–compatible library on the application ...
CVE-2026-33701 OpenTelemetry: Unsafe Deserialization in RMI Instrumentation may Lead to Remote Code Execution
OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and...
GHSA-579Q-H82J-R5V2 dd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code execution
In versions of dd-trace-java prior to 1.60.3, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this ...
SUSE-SU-2025:03285-1 Security update for mybatis, ognl
This update for mybatis, ognl fixes the following issues: Version update to 3.5.7: Bug fixes: + Improved performance under JDK 8. 2223 Version update to 3.5.8: List of changes: + Avoid NullPointerException when mapping an empty string to java.lang.Character. 2368 + Fixed an incorrect argument whe...