Description
If a Prototype Pollution vulnerability is present in a user’s application or bundled libraries, the Sentry SDK could potentially serve as a gadget to exploit that vulnerability. Exploitability depends on the specific details of the underlying Prototype Pollution issue.
Recommendation
Update the @sentry/browser package to the latest compatible version. The version details are as follows:
Affected version(s): **< 7.119.1**; **>= 8.0.0-alpha.1, < 8.33.0**
Patched version(s): **7.119.1**, **8.33.0**
Tags: npm, @sentry/browser
Last updated on October 04, 2024