io.opentelemetry.javaagent.instrumentation:opentelemetry-javaagent@0.14.0
latest version
0.14.0
first published
5 years ago
latest version published
5 years ago
licenses detected
- [0.14.0,)
package registry
Direct Vulnerabilities
Known vulnerabilities in the io.opentelemetry.javaagent.instrumentation:opentelemetry-javaagent package. This does not include vulnerabilities belonging to this package’s dependencies.
Fix vulnerabilities automatically
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the RMI integration. An attacker can execute arbitrary code with the privileges of the user running the instrumented JVM by sending specially crafted serialized data to a network-exposed JMX or RMI port. Note: This is only exploitable if the agent is attached as a Java agent on Java 16 or earlier, a JMX/RMI port is explicitly configured and network-reachable, and a gadget-chain-compatible library is present on the classpath. How to fix Deserialization of Untrusted Data? There is no fixed version for | [0,) |