GHSA-4JVG-4JFX-FMHC
go · github.com/open-telemetry/opentelemetry-collector-contrib/exporter/sentryexporter
Summary
opentelemetry-collector-contrib sentryexporter: Path traversal in Sentry exporter via attacker-controlled service.name reaches privileged Sentry API endpoints with operator bearer token
References
Related vulnerabilities
All Supply chain →- CRITICALGHSA-2JQ4-Q6VV-4CP3
Crawl4AI: Arbitrary file write (path traversal) in crawler downloads can lead to RCE
- CRITICALGHSA-HXPF-9XVQ-WPH8
netlicensing-mcp: REST Path Traversal Bypasses Token Redaction
- MEDIUMGHSA-FJV8-J4P5-CR9M
Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape
- LOWGHSA-RVP7-W75Q-9FV2
BBOT: Symlink-Following Arbitrary Write via github_workflows Module
- MEDIUMGHSA-M54H-VHF9-3W3M
BBOT: Arbitrary File Write in postman_download Module
- MEDIUMGHSA-3VGW-585J-4M45
BBOT: Path traversal (Zip-Slip) in unarchive module - incomplete fix for CVE-2025-10284