Potential DoS when using ContextLines integration (GHSA-r5w7-f542-q2j4) 10
- Severity:
- Low
Description
The ContextLines integration uses readable streams to more efficiently use memory when reading files. The ContextLines integration is used to attach source context to outgoing events.
The stream was not explicitly closed after use.
Recommendation
Update the @sentry/node package to the latest compatible version. Followings are version details:
- Affected version(s): >= 8.10.0, < 8.49.0
- Patched version(s): 8.49.0
References
Related Issues
- Sentry's sensitive headers are leaked when `sendDefaultPii` is set to `true` (GHSA-6465-jgvq-jhgp) 10 - CVE-2025-65944
- Elliptic's ECDSA missing check for whether leading bit of r and s is zero - CVE-2024-42460
- @intlify/shared Prototype Pollution vulnerability (GHSA-hjwq-mjwj-4x6c) 3 - CVE-2024-52810
- @intlify/shared Prototype Pollution vulnerability (GHSA-hjwq-mjwj-4x6c) 2 - CVE-2024-52810
- Tags:
- npm
- @sentry/node
Anything's wrong? Let us know Last updated on January 28, 2025