Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin

Severity:: Low

Description

SDK versions between and including 5.16.0 and 5.19.0 allowed Sentry auth tokens to be set in the optional authToken configuration parameter, for debugging purposes.

Recommendation

Update the @sentry/react-native package to the latest compatible version. Followings are version details:

Affected version(s): >= 5.16.0, <= 5.19.0
Patched version(s): 5.19.1

References

GHSA-68c2-4mpx-qh95
CWE-200
OWASP 2021-A1

Related Issues

express-basic-auth Timing Attack due to native string comparison instead of constant time string comparison - Vulnerability
Potential DoS when using ContextLines integration - @sentry/solidstart - Vulnerability
Potential DoS when using ContextLines integration - @sentry/remix - Vulnerability
Potential DoS when using ContextLines integration - @sentry/nuxt - Vulnerability

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; @sentry/react-native

Anything's wrong? Let us know Last updated on March 21, 2026