Lucene search
K
LinuxfoundationOpentelemetry Instrumentation For Java

4 matches found

CVE
CVE
added 2023/08/08 9:2 p.m.2492 views

CVE-2023-39951

CVE-2023-39951 affects OpenTelemetry Java Instrumentation prior to 1.28.0. When instrumenting AWS SDK v2 calls to SES v1, the request query parameters are inserted into the trace url.path, causing the HTTP body (subject and message) to be exposed in telemetry backends. This information disclosure...

6.5CVSS6.3AI score0.00672EPSS
CVE
CVE
added 2026/03/27 12:1 a.m.26 views

CVE-2026-33701

OpenTelemetry Java instrumentation (opentelemetry-javaagent) contains an unsafe deserialization flaw in its RMI integration prior to version 2.26.1. If the agent is attached on a JDK 16 or earlier, and an RMI/JMX port is network-reachable with a gadget-chain–compatible library on the application ...

9.8CVSS6.6AI score0.00933EPSS
CVE
CVE
added 2026/07/01 9:17 p.m.13 views

CVE-2026-54712

OpenTelemetry Java Instrumentation prior to 2.27.0 is affected. The issue resides in the RMI context propagation payload reader, which limits the number of context entries but does not limit the aggregate size of strings read, allowing an attacker who can reach a network-reachable RMI endpoint to...

7.5CVSS5.8AI score0.00263EPSS
CVE
CVE
added 2026/07/01 9:15 p.m.12 views

CVE-2026-54704

OpenTelemetry Java Instrumentation contains a vulnerability in JDBC auto-instrumentation prior to version 2.28.0 where passwords in SQL CONNECT statements may not be sanitized if the password is double-quoted. This can cause clear-text database passwords to be added to trace spans and exported to...

6.5CVSS5.7AI score0.00224EPSS