GHSA-7cjh-xx4r-qh3f: sentry-android unmasked sensitive data in Android Session Replays for users of Jetpack Compose 1.8+
Under specific circumstances, text composables may contain unmasked sensitive data in Android session replays. You may be impacted if you meet the following conditions:
- Using any
sentry-androidwith versions < 8.14.0 - Using Jetpack Compose >= 1.8.0-alpha08
- Have configured Sentry Session Replays for Android
If you do not use Jetpack Compose or have never used a version >= 1.8.0-alpha08 you are not impacted. If you have not configured Session Replays for Mobile you are not impacted.
References
- github.com/advisories/GHSA-7cjh-xx4r-qh3f
- github.com/getsentry/sentry-java
- github.com/getsentry/sentry-java/commit/8bfa9cceab402e58f6723a0694158d27e8a41a56
- github.com/getsentry/sentry-java/issues/4467
- github.com/getsentry/sentry-java/pull/4485
- github.com/getsentry/sentry-java/releases/tag/8.14.0
- github.com/getsentry/sentry-java/security/advisories/GHSA-7cjh-xx4r-qh3f
Code Behaviors & Features
Detect and mitigate GHSA-7cjh-xx4r-qh3f with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →