Описание
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This vulnerability is fixed in 1.43.0.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| jammy | needs-triage | |
| noble | needs-triage | |
| questing | needs-triage | |
| upstream | not-affected | debian: Specific to BSDs and Solaris |
Показывать по
7 High
CVSS3
Связанные уязвимости
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This vulnerability is fixed in 1.43.0.
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15. ...
opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking
7 High
CVSS3