In case a Prototype Pollution vulnerability is present in a user's application or bundled libraries, the Sentry SDK could potentially serve as a gadget to exploit that vulnerability. The exploitability depends on the specific details of the underlying Prototype Pollution issue.
> [!NOTE]
> This advisory does not indicate the presence of a Prototype Pollution vulnerability within the Sentry SDK itself. Users are strongly advised to first address any Prototype Pollution vulnerabilities in their application, as they pose a more critical security risk.
The issue was patched in all Sentry JavaScript SDKs starting from version 8.33.0. The fix was also backported to SDK v7 in 7.119.1.
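As an added example (not part of the advisory or of Sentry's code), the following Node.js script checks a `package-lock.json` for `@sentry/*` packages older than the fixed versions stated above. Matching on the `@sentry/` scope, treating majors above 8 as patched, and the sample lockfile contents are assumptions made for illustration.

```javascript
// Added example: audit a package-lock.json (lockfileVersion 2 or 3) for
// Sentry SDK versions older than the fixes named in the advisory.
const FIXED = { 7: [7, 119, 1], 8: [8, 33, 0] }; // versions from the advisory

// Parse "8.33.0" or "8.33.0-beta.1" into numbers plus a prerelease flag.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(v);
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// Returns "patched", "vulnerable" or "unknown" for one installed version.
function classify(version) {
  const p = parseVersion(version);
  if (!p) return "unknown";
  if (p.nums[0] > 8) return "patched"; // assumption: later majors keep the fix
  const fix = FIXED[p.nums[0]];
  if (!fix) return "unknown"; // the advisory names no fix for this release line
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== fix[i]) return p.nums[i] > fix[i] ? "patched" : "vulnerable";
  }
  return p.pre ? "vulnerable" : "patched"; // a prerelease precedes its release
}

// Walk the lockfile's "packages" map, including nested node_modules copies.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (!name.startsWith("@sentry/") || !meta.version) continue; // assumed scope match
    findings.push({ name, path, version: meta.version, status: classify(meta.version) });
  }
  return findings;
}

// Constructed sample lockfile; replace with JSON.parse of a real one.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@sentry/node": { version: "8.32.0" },
    "node_modules/@sentry/browser": { version: "8.33.0" },
    "node_modules/legacy/node_modules/@sentry/core": { version: "7.119.0" },
    "node_modules/@sentry/utils": { version: "7.119.1" },
    "node_modules/@sentry/cli": { version: "2.36.1" },
  },
};

console.table(auditLockfile(sampleLock));
```

Packages reported as `unknown` are on a release line for which the advisory states no fixed version and need a manual check.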
{ "nvd_published_at": null, "cwe_ids": [ "CWE-913" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-10-03T18:26:53Z" }