Vulnerabilities: 1 (reachable via 17 dependency paths)
Dependencies: 52
Source: GitHub
Commit: 5be93cd8

high severity
new

Insertion of Sensitive Information Into Sent Data

  • Vulnerable module: @sentry/core
  • Introduced through: @sentry/browser@10.19.0 and @sentry/react@10.19.0

Detailed paths

  • Introduced through: {{project_name}}-frontend@vintasoftware/django-react-boilerplate#5be93cd8e9e06888e8f884ff59ec860d1fba31c5 @sentry/browser@10.19.0 @sentry/core@10.19.0
    Remediation: Upgrade to @sentry/browser@10.27.0.
  • Introduced through: {{project_name}}-frontend@vintasoftware/django-react-boilerplate#5be93cd8e9e06888e8f884ff59ec860d1fba31c5 @sentry/react@10.19.0 @sentry/core@10.19.0
    Remediation: Upgrade to @sentry/react@10.27.0.
  • Introduced through: {{project_name}}-frontend@vintasoftware/django-react-boilerplate#5be93cd8e9e06888e8f884ff59ec860d1fba31c5 @sentry/browser@10.19.0 @sentry-internal/browser-utils@10.19.0 @sentry/core@10.19.0
    Remediation: Upgrade to @sentry/browser@10.27.0.
  • Introduced through: {{project_name}}-frontend@vintasoftware/django-react-boilerplate#5be93cd8e9e06888e8f884ff59ec860d1fba31c5 @sentry/browser@10.19.0 @sentry-internal/feedback@10.19.0 @sentry/core@10.19.0
    Remediation: Upgrade to @sentry/browser@10.27.0.
  • Introduced through: {{project_name}}-frontend@vintasoftware/django-react-boilerplate#5be93cd8e9e06888e8f884ff59ec860d1fba31c5 @sentry/browser@10.19.0 @sentry-internal/replay@10.19.0 @sentry/core@10.19.0
    Remediation: Upgrade to @sentry/browser@10.27.0.
  • Introduced through: {{project_name}}-frontend@vintasoftware/django-react-boilerplate#5be93cd8e9e06888e8f884ff59ec860d1fba31c5 @sentry/browser@10.19.0 @sentry-internal/replay-canvas@10.19.0 @sentry/core@10.19.0
    Remediation: Upgrade to @sentry/browser@10.27.0.
  • Introduced through: {{project_name}}-frontend@vintasoftware/django-react-boilerplate#5be93cd8e9e06888e8f884ff59ec860d1fba31c5 @sentry/react@10.19.0 @sentry/browser@10.19.0 @sentry/core@10.19.0
    Remediation: Upgrade to @sentry/react@10.27.0.
  • Introduced through: {{project_name}}-frontend@vintasoftware/django-react-boilerplate#5be93cd8e9e06888e8f884ff59ec860d1fba31c5 @sentry/browser@10.19.0 @sentry-internal/replay@10.19.0 @sentry-internal/browser-utils@10.19.0 @sentry/core@10.19.0
    Remediation: Upgrade to @sentry/browser@10.27.0.
  • Introduced through: {{project_name}}-frontend@vintasoftware/django-react-boilerplate#5be93cd8e9e06888e8f884ff59ec860d1fba31c5 @sentry/react@10.19.0 @sentry/browser@10.19.0 @sentry-internal/browser-utils@10.19.0 @sentry/core@10.19.0
    Remediation: Upgrade to @sentry/react@10.27.0.
  • Introduced through: {{project_name}}-frontend@vintasoftware/django-react-boilerplate#5be93cd8e9e06888e8f884ff59ec860d1fba31c5 @sentry/react@10.19.0 @sentry/browser@10.19.0 @sentry-internal/feedback@10.19.0 @sentry/core@10.19.0
    Remediation: Upgrade to @sentry/react@10.27.0.
  • Introduced through: {{project_name}}-frontend@vintasoftware/django-react-boilerplate#5be93cd8e9e06888e8f884ff59ec860d1fba31c5 @sentry/browser@10.19.0 @sentry-internal/replay-canvas@10.19.0 @sentry-internal/replay@10.19.0 @sentry/core@10.19.0
    Remediation: Upgrade to @sentry/browser@10.27.0.
  • Introduced through: {{project_name}}-frontend@vintasoftware/django-react-boilerplate#5be93cd8e9e06888e8f884ff59ec860d1fba31c5 @sentry/react@10.19.0 @sentry/browser@10.19.0 @sentry-internal/replay@10.19.0 @sentry/core@10.19.0
    Remediation: Upgrade to @sentry/react@10.27.0.
  • Introduced through: {{project_name}}-frontend@vintasoftware/django-react-boilerplate#5be93cd8e9e06888e8f884ff59ec860d1fba31c5 @sentry/react@10.19.0 @sentry/browser@10.19.0 @sentry-internal/replay-canvas@10.19.0 @sentry/core@10.19.0
    Remediation: Upgrade to @sentry/react@10.27.0.
  • Introduced through: {{project_name}}-frontend@vintasoftware/django-react-boilerplate#5be93cd8e9e06888e8f884ff59ec860d1fba31c5 @sentry/browser@10.19.0 @sentry-internal/replay-canvas@10.19.0 @sentry-internal/replay@10.19.0 @sentry-internal/browser-utils@10.19.0 @sentry/core@10.19.0
    Remediation: Upgrade to @sentry/browser@10.27.0.
  • Introduced through: {{project_name}}-frontend@vintasoftware/django-react-boilerplate#5be93cd8e9e06888e8f884ff59ec860d1fba31c5 @sentry/react@10.19.0 @sentry/browser@10.19.0 @sentry-internal/replay@10.19.0 @sentry-internal/browser-utils@10.19.0 @sentry/core@10.19.0
    Remediation: Upgrade to @sentry/react@10.27.0.
  • Introduced through: {{project_name}}-frontend@vintasoftware/django-react-boilerplate#5be93cd8e9e06888e8f884ff59ec860d1fba31c5 @sentry/react@10.19.0 @sentry/browser@10.19.0 @sentry-internal/replay-canvas@10.19.0 @sentry-internal/replay@10.19.0 @sentry/core@10.19.0
    Remediation: Upgrade to @sentry/react@10.27.0.
  • Introduced through: {{project_name}}-frontend@vintasoftware/django-react-boilerplate#5be93cd8e9e06888e8f884ff59ec860d1fba31c5 @sentry/react@10.19.0 @sentry/browser@10.19.0 @sentry-internal/replay-canvas@10.19.0 @sentry-internal/replay@10.19.0 @sentry-internal/browser-utils@10.19.0 @sentry/core@10.19.0
    Remediation: Upgrade to @sentry/react@10.27.0.

Overview

@sentry/core is the base implementation shared by all Sentry JavaScript SDKs; browser applications normally pull it in transitively through @sentry/browser or @sentry/react rather than depending on it directly.

Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data through the sendDefaultPii configuration option. When sendDefaultPii is enabled, the SDK attaches sensitive HTTP headers, such as authentication cookies, to the traces it sends, so anyone who can view the traces stored in the Sentry organization can read those credentials. This is only exploitable if sendDefaultPii has been explicitly set to true; the option is off by default.

Workaround

Set sendDefaultPii to false (its default value) in the SDK configuration, or remove the explicit sendDefaultPii: true. This stops new traces from carrying the headers; cookies or authorization headers already captured in stored traces remain readable until those events are deleted or expire.
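As an added example (not code from this Snyk page, from the django-react-boilerplate project, or from Sentry itself), the following puts the weak and hardened Sentry.init option sets side by side and adds a beforeSend / beforeSendTransaction scrubber that redacts credential-bearing headers even if sendDefaultPii is ever switched on. It assumes the event shape documented for the Sentry JavaScript SDKs (an event.request.headers object and optional spans[i].data); the http.request.header.* attribute naming on spans is an assumption of the example, not something the advisory states. The DSN is a placeholder and the sample event is constructed.

```javascript
// Added example: not code from the Snyk page, the boilerplate project, or Sentry.
// Assumes the documented Sentry event shape (event.request.headers, spans[i].data) and
// the real Sentry.init options sendDefaultPii, beforeSend and beforeSendTransaction.
// The "http.request.header.<name>" span attribute naming is an assumption of this example.

// Header names that must never reach a Sentry project inside an error or a trace.
const SENSITIVE_HEADERS = new Set([
  "cookie", "set-cookie", "authorization", "proxy-authorization",
  "x-api-key", "x-auth-token", "x-csrf-token", "x-xsrf-token",
]);

const REDACTED = "[Filtered]";

// A key is sensitive if it is a sensitive header name (case-insensitive) or ends with one
// after a dot, which also covers dotted attribute keys such as "http.request.header.cookie".
function isSensitiveKey(key) {
  const last = key.toLowerCase().split(".").pop();
  return SENSITIVE_HEADERS.has(last);
}

// Recursively copy `value`, replacing every value stored under a sensitive key.
// Sentry events are plain JSON, so a depth cap is enough to guard against runaway recursion.
function redact(value, depth = 0) {
  if (depth > 32 || value === null || typeof value !== "object") return value;
  if (Array.isArray(value)) return value.map((v) => redact(v, depth + 1));
  const out = {};
  for (const [key, v] of Object.entries(value)) {
    out[key] = isSensitiveKey(key) ? REDACTED : redact(v, depth + 1);
  }
  return out;
}

// Hook body for both beforeSend (error events) and beforeSendTransaction (traces).
// Returning the (scrubbed) event sends it; returning null would drop it entirely.
function scrubEvent(event) {
  return event ? redact(event) : event;
}

// Weak configuration: explicitly enabling sendDefaultPii is the precondition for the
// advisory; with an affected @sentry/core, request headers ride along in the traces.
const weakOptions = {
  dsn: "https://examplePublicKey@o0.ingest.sentry.io/0", // placeholder DSN
  sendDefaultPii: true,
};

// Hardened configuration: keep sendDefaultPii off (the SDK default) and scrub anyway,
// so a later opt-in or a regression cannot leak credentials.
const hardenedOptions = {
  dsn: "https://examplePublicKey@o0.ingest.sentry.io/0", // placeholder DSN
  sendDefaultPii: false,
  beforeSend: scrubEvent,
  beforeSendTransaction: scrubEvent,
};

// Config audit usable in a CI check: returns the reasons an options object is unsafe.
function auditOptions(options) {
  const findings = [];
  if (options.sendDefaultPii === true) {
    findings.push("sendDefaultPii is enabled: headers such as Cookie/Authorization may be sent");
  }
  if (typeof options.beforeSend !== "function") findings.push("no beforeSend scrubber");
  if (typeof options.beforeSendTransaction !== "function") findings.push("no beforeSendTransaction scrubber");
  return findings;
}

// Mimic what the SDK does right before transport: run the hook matching the event type.
function applyHooks(options, event) {
  const hook = event.type === "transaction" ? options.beforeSendTransaction : options.beforeSend;
  return typeof hook === "function" ? hook(event) : event;
}

// Constructed sample: a transaction event as the SDK might build it with sendDefaultPii on.
const sampleTransaction = {
  type: "transaction",
  request: {
    url: "https://app.example.com/api/profile",
    headers: {
      "Content-Type": "application/json",
      Cookie: "sessionid=4d9c0f...; csrftoken=abc123",
      Authorization: "Bearer eyJhbGciOi...",
    },
  },
  spans: [
    { op: "http.client", data: { "http.request.header.cookie": "sessionid=4d9c0f...", "http.method": "GET" } },
  ],
};
```

In the application entrypoint, pass hardenedOptions to Sentry.init; the hooks then run on every event before transport. After upgrading @sentry/browser and @sentry/react to 10.27.0, `npm ls @sentry/core` confirms that all 17 paths resolve to a fixed @sentry/core; keep the scrubber regardless, since it covers any future opt-in to sendDefaultPii.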

Remediation

Upgrade @sentry/core to version 10.27.0 or higher. This project does not depend on @sentry/core directly; it is pulled in through @sentry/browser@10.19.0 and @sentry/react@10.19.0, so upgrade both direct dependencies to 10.27.0 (as the per-path remediation above states) and confirm that the lockfile resolves every one of the 17 paths to @sentry/core 10.27.0 or later.
