Количество 4
Количество 4
CVE-2026-39883
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This vulnerability is fixed in 1.43.0.
CVE-2026-39883
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This vulnerability is fixed in 1.43.0.
CVE-2026-39883
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15. ...
GHSA-hfvc-g4fc-pqhx
opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-39883 OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This vulnerability is fixed in 1.43.0. | CVSS3: 7 | 0% Низкий | 7 дней назад |
 | CVE-2026-39883 OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This vulnerability is fixed in 1.43.0. | CVSS3: 7 | 0% Низкий | 7 дней назад |
| CVE-2026-39883 OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15. ... | CVSS3: 7 | 0% Низкий | 7 дней назад |
| GHSA-hfvc-g4fc-pqhx opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking | 0% Низкий | 7 дней назад |
Уязвимостей на страницу