Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin
- Severity:
- Low
Description
SDK versions between and including 5.16.0 and 5.19.0 allowed Sentry auth tokens to be set in the optional authToken configuration parameter, for debugging purposes.
Recommendation
Update the @sentry/react-native package to the latest compatible version. Followings are version details:
- Affected version(s): >= 5.16.0, <= 5.19.0
- Patched version(s): 5.19.1
References
Related Issues
- express-basic-auth Timing Attack due to native string comparison instead of constant time string comparison - Vulnerability
- Expo SDK has an OAuth vulnerability - CVE-2023-28131
- Sentry SDK Prototype Pollution gadget in JavaScript SDKs - Vulnerability
- react-native-mmkv Insertion of Sensitive Information into Log File vulnerability - CVE-2024-21668
- Tags:
- npm
- @sentry/react-native
Anything's wrong? Let us know Last updated on March 01, 2024