Homepage
About Snyk

Open Redirect Affecting sentry package, versions [0,20.12.1)

0.0
medium

Snyk CVSS

    Attack Complexity Low

    Threat Intelligence

    Exploit Maturity Mature

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-SENTRY-1049561
  • published 5 Jan 2021
  • disclosed 9 Dec 2020
  • credit NisanthanNanthakumar
Report a new vulnerability Found a mistake?

Introduced: 9 Dec 2020

CVE NOT AVAILABLE CWE-601 Open this link in a new tab

How to fix?

Upgrade sentry to version 20.12.1 or higher.

Overview

Affected versions of this package are vulnerable to Open Redirect via the 'API Applications' feature. The issue lies in the OAuth endpoint created by the 'API Applications' feature. When an error occurs during the OAuth processing, the application redirects to the user-specified URL without any confirmation. This allows an attacker to conduct phishing attacks, or chain it with other bugs to elevate impact.

References