GHSA-593m-55hh-j8gv: Sentry SDK Prototype Pollution gadget in JavaScript SDKs
If a prototype pollution vulnerability is present in an application or in one of the libraries bundled with it, the Sentry JavaScript SDK could serve as a gadget through which that vulnerability is exploited: the SDK reads configuration and runtime values from ordinary objects, so properties an attacker has injected into Object.prototype can reach it as if the application had set them. Whether and how this is exploitable depends on the specific details of the underlying prototype pollution issue. The gadget was removed in the referenced fix (pull request 13838) and shipped in SDK releases 7.119.1 and 8.33.0.
[!NOTE] This advisory does not indicate the presence of a prototype pollution vulnerability within the Sentry SDK itself. Users are strongly advised to first address any prototype pollution vulnerabilities in their own application and its dependencies, as those pose the more critical security risk; updating the SDK only removes one gadget, not the pollution itself.
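The following is an added example, not code from the Sentry SDK or from this advisory, illustrating the gadget class in general terms: an application-side bug (a naive deep merge over attacker-controlled JSON) pollutes Object.prototype, and a library that reads an optional setting with a plain property access then picks the polluted value up. The `unsafeMerge`, `buildEndpoint` and `buildEndpointHardened` functions, the `tunnel` option name and all URLs are hypothetical constructions for this illustration and do not describe the SDK's actual code paths.

```javascript
// Added example (hypothetical names, not Sentry code): how an application-side
// prototype pollution turns an innocent "read an option" in a library into a
// gadget, and the own-property check that closes it.

// (1) Application-side vulnerability: a deep merge that walks attacker-chosen
// keys, including "__proto__". JSON.parse creates an own property literally
// named "__proto__"; reading target["__proto__"] on a plain object then hands
// back Object.prototype, so the recursion writes into it. This is the bug the
// advisory says to fix first.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (!target[key]) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// A safe merge for comparison: skips prototype-related keys and only writes
// into own plain-object properties of the target.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (key === '__proto__' || key === 'constructor' || key === 'prototype') continue;
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (!Object.hasOwn(target, key) || typeof target[key] !== 'object') {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

const DEFAULT_ENDPOINT = 'https://ingest.example.invalid/api/'; // constructed

// (2) The gadget: a library reads an optional setting with a plain property
// access. Inherited properties are indistinguishable from ones the application
// set, so a polluted Object.prototype.tunnel redirects where data is sent.
function buildEndpoint(options) {
  return options.tunnel !== undefined ? options.tunnel : DEFAULT_ENDPOINT;
}

// (3) Hardened read: only honour the setting if the caller actually set it.
// Object.hasOwn is a static on Object (Node >= 16.9), so it cannot itself be
// replaced through Object.prototype pollution.
function buildEndpointHardened(options) {
  return Object.hasOwn(options, 'tunnel') ? options.tunnel : DEFAULT_ENDPOINT;
}

// Drive one scenario end to end and clean Object.prototype up afterwards so
// the pollution does not leak into anything else running in this process.
function runScenario({ hardenedRead, safeAppMerge }) {
  // Constructed attacker input, e.g. a JSON body the app merges into its config.
  const payload = JSON.parse(
    '{"theme":"dark","__proto__":{"tunnel":"https://attacker.example/collect"}}'
  );
  const appConfig = {};
  try {
    (safeAppMerge ? safeMerge : unsafeMerge)(appConfig, payload);
    // The library never sees appConfig; it only gets its own options object.
    const libraryOptions = { dsn: 'https://public@o0.ingest.example.invalid/1' }; // constructed
    return (hardenedRead ? buildEndpointHardened : buildEndpoint)(libraryOptions);
  } finally {
    delete Object.prototype.tunnel;
  }
}

// Is Object.prototype currently clean of the property this example injects?
function prototypeIsClean() {
  return !('tunnel' in {});
}
```

Run `runScenario({ hardenedRead: false, safeAppMerge: false })` to see the polluted URL come back from a library that was never configured with it; either fixing the merge or hardening the read returns the default. Two practitioner caveats: `Object.freeze(Object.prototype)` at startup is a blunt but effective backstop, yet it breaks libraries that legitimately extend built-in prototypes, so test before deploying it; and keeping option bags as `Object.create(null)` objects removes the inheritance chain entirely for code you control.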
References
- github.com/advisories/GHSA-593m-55hh-j8gv
- github.com/getsentry/sentry-javascript
- github.com/getsentry/sentry-javascript/commit/35bdc87dee3498794e34c1ad35dd9927950c8766
- github.com/getsentry/sentry-javascript/pull/13838
- github.com/getsentry/sentry-javascript/releases/tag/7.119.1
- github.com/getsentry/sentry-javascript/releases/tag/8.33.0
- github.com/getsentry/sentry-javascript/security/advisories/GHSA-593m-55hh-j8gv