VYPR

Go modules package

go.opentelemetry.io/otel/sdk

pkg:golang/go.opentelemetry.io/otel/sdk

Vulnerabilities (2)

  • CVE-2026-39883HigApr 8, 2026
    affected >= 1.15.0, < 1.43.0fixed 1.43.0

    OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platf

  • CVE-2026-24051HigFeb 2, 2026
    affected >= 1.21.0, < 1.40.0fixed 1.40.0

    OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The resource detection code in sdk/resource/host_id.go executes the ioreg system comman