Skip to content

CVE-2026-24051 and CVE-2026-39883#28

Closed
weshayutin wants to merge 1 commit into
oadp-1.6from
kopiacveoadp16
Closed

CVE-2026-24051 and CVE-2026-39883#28
weshayutin wants to merge 1 commit into
oadp-1.6from
kopiacveoadp16

Conversation

@weshayutin

@weshayutin weshayutin commented Jun 22, 2026

Copy link
Copy Markdown

Update go.opentelemetry.io/otel/sdk and related otel packages from v1.39.0 to v1.43.0 to fix:

  • CVE-2026-24051 (HIGH): Arbitrary code execution via PATH hijacking
  • CVE-2026-39883 (HIGH): Arbitrary code execution via PATH hijacking on BSD/Solaris

@weshayutin
CVE-2026-24051 and CVE-2026-39883
310889f 
Update go.opentelemetry.io/otel/sdk and related otel packages from
v1.39.0 to v1.43.0 to fix:
- CVE-2026-24051 (HIGH): Arbitrary code execution via PATH hijacking
- CVE-2026-39883 (HIGH): Arbitrary code execution via PATH hijacking on BSD/Solaris

Signed-off-by: Wesley Hayutin <weshayutin@gmail.com>
@coderabbitai

coderabbitai Bot commented Jun 22, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: a3dc9372-88b9-46f3-b6f4-5f52e1a42f37

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch kopiacveoadp16

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@oadp-snyk

oadp-snyk commented Jun 22, 2026
edited
Loading

Copy link
Copy Markdown

Snyk checks have failed. 2 issues have been found so far.

Status Scan Engine Critical High Medium Low Total (2)
Open Source Security 0 0 2 0 2 issues
Licenses 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@openshift-ci

openshift-ci Bot commented Jun 22, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sseago, weshayutin

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@sseago

sseago commented Jun 22, 2026

Copy link
Copy Markdown

/lgtm

@openshift-ci openshift-ci Bot added the lgtm label Jun 22, 2026
@weshayutin weshayutin closed this Jun 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kaovilai kaovilai Awaiting requested review from kaovilai
@shubham-pampattiwar shubham-pampattiwar Awaiting requested review from shubham-pampattiwar
1 more reviewer
@sseago sseago sseago approved these changes
Reviewers whose approvals may not affect merge requirements

Assignees

@sseago sseago

Labels

approved lgtm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@weshayutin @oadp-snyk @sseago