
[Security Advisory]: Prototype Pollution gadget in JavaScript SDKs #15

Open
@oioki


Package and Versions

Package: @sentry/browser
Affected Version(s): < 8.33.0
Patched Version(s): 8.33.0

Description

If a prototype pollution vulnerability is present in a user's application or in one of its bundled libraries, the Sentry SDK could serve as a gadget for exploiting it: SDK code that reads properties from plain objects without checking that they are own properties will also see attacker-controlled values injected into Object.prototype. Whether this is exploitable in practice depends on the specific details of the underlying prototype pollution issue.

Note: this advisory does not indicate the presence of a prototype pollution vulnerability within the Sentry SDK itself. The SDK only becomes relevant once prototype pollution already exists elsewhere, so users are strongly advised to first address any prototype pollution vulnerabilities in their own application, as those pose the more critical security risk.
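The gadget pattern described above, as an added illustration that is not Sentry's code and says nothing about which SDK property was involved: the option name "transportUrl", the DEFAULT_URL value, the sample JSON and every function below are hypothetical. It pairs an application-side pollution source (a naive recursive merge) with a library-style reader that trusts inherited properties, then shows both fixes: hardening the reader, and removing the pollution at its source.

```javascript
// Added illustration of the gadget pattern described in the advisory. None of
// this is Sentry code: the option name "transportUrl", the DEFAULT_URL value,
// the sample JSON and every function here are hypothetical.

const DEFAULT_URL = "https://ingest.example/api";

// Constructed attacker input: a JSON document that an application merges into
// its own config object. JSON.parse creates an own property literally named
// "__proto__", which a naive recursive merge then follows into Object.prototype.
const UNTRUSTED_JSON =
  '{"theme":"dark","__proto__":{"transportUrl":"https://attacker.example/collect"}}';

// 1. The application-side vulnerability (the thing the advisory says to fix
//    first): a recursive merge that honours "__proto__" keys.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === "object" && !Array.isArray(value)) {
      // For key === "__proto__", target[key] is Object.prototype, so the
      // recursion below writes attacker-chosen properties onto it.
      if (typeof target[key] !== "object" || target[key] === null) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// 2. Fixed merge: refuse the keys that reach the prototype chain, and only
//    descend into own properties of the target.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === "object" && !Array.isArray(value)) {
      const existing = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : undefined;
      if (typeof existing !== "object" || existing === null) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// 3. A library-style "gadget": reads a caller-supplied option with a plain
//    property access. The access walks the prototype chain, so a polluted
//    Object.prototype.transportUrl is returned as if the caller had set it.
function readOptionGadget(options) {
  return options.transportUrl !== undefined ? options.transportUrl : DEFAULT_URL;
}

// 4. Hardened reader: only own properties count, so pollution is ignored.
function readOptionSafe(options) {
  return Object.prototype.hasOwnProperty.call(options, "transportUrl")
    ? options.transportUrl
    : DEFAULT_URL;
}

// Vulnerable app + gadget: the SDK caller never set transportUrl, yet the
// gadget reader hands back the attacker's URL.
function demonstrateGadget() {
  unsafeMerge({}, JSON.parse(UNTRUSTED_JSON)); // pollutes Object.prototype
  const sdkOptions = {};
  const result = {
    polluted: Object.prototype.transportUrl !== undefined,
    gadget: readOptionGadget(sdkOptions),
    safe: readOptionSafe(sdkOptions),
  };
  delete Object.prototype.transportUrl; // undo the pollution for the rest of the process
  return result;
}

// Fixed app: with the pollution removed at its source, even the unhardened
// reader is harmless, which is why the advisory says to fix the app first.
function demonstrateFixedApp() {
  const config = safeMerge({}, JSON.parse(UNTRUSTED_JSON));
  return {
    theme: config.theme,
    polluted: Object.prototype.transportUrl !== undefined,
    gadget: readOptionGadget({}),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(demonstrateGadget());
  console.log(demonstrateFixedApp());
}
```

Running the file with Node prints the two result objects: in the first, the plain-access reader returns the attacker's URL while the own-property reader returns the default; in the second, nothing is polluted and both readers agree. An alternative to the own-property check is to keep library option objects on a null prototype (Object.create(null)), which has no chain to walk at all.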

Impact

Exploitability and impact depend on the specific details of the underlying prototype pollution issue.

Patches

The issue was patched in all Sentry JavaScript SDKs starting from version 8.33.0.

Workarounds

No workarounds are available.

CVSS 3.1 Score and Vector

Severity: Low
