Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin
- Severity:
- Low
Description
SDK versions between and including 5.16.0 and 5.19.0 allowed Sentry auth tokens to be set in the optional authToken configuration parameter, for debugging purposes.
Recommendation
Update the @sentry/react-native package to the latest compatible version. Followings are version details:
- Affected version(s): >= 5.16.0, <= 5.19.0
- Patched version(s): 5.19.1
References
Related Issues
- Webrecorder packages are vulnerable to XSS through 404 error handling logic - CVE-2025-58765
- DOM Clobbering Gadget found in astro's client-side router that leads to XSS - CVE-2024-47885
- @strapi/plugin-content-manager leaks data via relations via the Admin Panel - CVE-2024-29181
- Strapi does not verify the access or ID tokens issued during the OAuth flow - CVE-2023-22893
- Tags:
- npm
- @sentry/react-native
Anything's wrong? Let us know Last updated on March 01, 2024