Description
A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK, versions 7.78.0 through 7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation time on the server, leading to denial of service (DoS).
Recommendation
Update the @sentry/astro package to the latest compatible version. Version details:
- Affected version(s): >= 7.78.0, < 7.87.0
- Patched version(s): 7.87.0
Related Issues
- Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint - CVE-2023-46729
- Chaijs/get-func-name vulnerable to ReDoS - CVE-2023-43646
- matrix-js-sdk vulnerable to invisible eavesdropping in group calls - CVE-2023-29529
- Prototype pollution in matrix-js-sdk (part 2) - CVE-2023-28427
Tags: npm, @sentry/astro
Last updated on December 28, 2023