Lucene search
K

5 matches found

GithubExploit
GithubExploit
added 2026/04/04 11:14 a.m.229 views

Exploit for Deserialization of Untrusted Data in Linuxfoundation Opentelemetry_Instrumentation_For_Java

CVE-2026-33701 — Unsafe Deserialization in OpenTelemetry Java...

9.8CVSS6.4AI score0.00933EPSS
Exploits1
OSV
OSV
added 2026/03/27 12:25 a.m.6 views

CVE-2026-33728 dd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code execution

dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to 1.60.2, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access ...

9.3CVSS6AI score0.00622EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/27 12:25 a.m.2 views

CVE-2026-33728 dd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code execution

dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to 1.60.2, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access ...

9.3CVSS6AI score0.00622EPSS
Exploits0References2
OSV
OSV
added 2026/03/26 4:45 p.m.6 views

GHSA-579Q-H82J-R5V2 dd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code execution

In versions of dd-trace-java prior to 1.60.3, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this ...

9.8CVSS6.3AI score0.00622EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/25 9:27 p.m.9 views

OpenTelemetry: Unsafe Deserialization in RMI Instrumentation may Lead to Remote Code Execution

In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. An attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this to potentially achieve remote code execution. Al...

9.8CVSS6.6AI score0.00933EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder