You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In case a Prototype Pollution vulnerability is present in a user's application or bundled libraries, the Sentry SDK could potentially serve as a gadget to exploit that vulnerability. The exploitability depends on the specific details of the underlying Prototype Pollution issue.
Note: This advisory does not indicate the presence of a Prototype Pollution within the Sentry SDK itself. Users are strongly advised to first address any Prototype Pollution vulnerabilities in their application, as they pose a more critical security risk.
Impact
The exploitability and impact depends on the specific details of the underlying Prototype Pollution issue.
Patches
The issue was patched in all Sentry JavaScript SDKs starting from the 8.33.0 version.
Package and Versions
Package:
sentry/browser
Affected Version(s):
<8.33.0
Patched Version(s):
8.33.0
Description
In case a Prototype Pollution vulnerability is present in a user's application or bundled libraries, the Sentry SDK could potentially serve as a gadget to exploit that vulnerability. The exploitability depends on the specific details of the underlying Prototype Pollution issue.
Note: This advisory does not indicate the presence of a Prototype Pollution within the Sentry SDK itself. Users are strongly advised to first address any Prototype Pollution vulnerabilities in their application, as they pose a more critical security risk.
Impact
The exploitability and impact depends on the specific details of the underlying Prototype Pollution issue.
Patches
The issue was patched in all Sentry JavaScript SDKs starting from the 8.33.0 version.
Workarounds
No workaround are available.
CVSS 3.1 Score and Vector
Severity: Low
Information
The text was updated successfully, but these errors were encountered: