Improper Control of Dynamically-Managed Code Resources in org.webjars.npm:sentry__browser

Cxf6aa1604-c8c2

  • org.webjars.npm:sentry__browser
  • @sentry/browser
Severity High
Score 9.4/10

Summary

The Sentry SDK for JavaScript has the potential to be exploited when a Prototype Pollution vulnerability is present in an application's code or its bundled libraries. This issue affects @sentry/browser versions through 7.119.0 and 8.0.0-alpha.1 through 8.32.0. Note: this does not indicate the presence of a Prototype Pollution vulnerability within the Sentry SDK itself. Users are strongly advised to first address any Prototype Pollution vulnerabilities in their application, as they pose a more critical security risk.

  • LOW
  • NETWORK
  • LOW
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-913 - Improper Control of Dynamically-Managed Code Resources

The software does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.

Advisory Timeline

  • Published