CVSS 3.1 base score: 7.5 (High)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality Impact: None; Integrity Impact: None; Availability Impact: High
AI Score: 6.8 (Medium), confidence: High
EPSS: 0.001 (Low), percentile: 21.4%
A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry’s Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading to denial of service (DoS).
Applications that are using Sentry’s Astro SDK are affected if:
/foo/[p1]/bar/[p2]
The problem has been patched in @sentry/astro@7.87.0.
The corresponding PR: https://github.com/getsentry/sentry-javascript/pull/9815
We strongly recommend upgrading to the latest SDK version. However, if that is not possible, the steps to mitigate the vulnerability without upgrading are:
After these changes, Sentry error reporting will still be functional, but some details such as server-side transactions (and consequently, distributed traces between client and server) will be omitted. We therefore still recommend updating to 7.87.0 as soon as you can.
CPE | Name | Operator | Version |
---|---|---|---|
| @sentry/astro | lt | 7.87.0 |
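The check a maintainer wants after reading the affected range above is whether any installed copy of @sentry/astro falls within 7.78.0 to 7.86.0 (patched in 7.87.0). The following is an added example, not code from the advisory or from the Sentry project; it walks the `packages` map of an npm `package-lock.json` (v2/v3) and the lockfile content it scans is constructed for illustration.

```javascript
// Added example (not part of the advisory or of the Sentry project): report
// installed @sentry/astro versions inside the affected range 7.78.0-7.86.0.

// Range as stated in the advisory: affected from 7.78.0, patched in 7.87.0.
const AFFECTED_MIN = "7.78.0";
const PATCHED = "7.87.0";

// Parse "major.minor.patch" into numbers; a pre-release suffix such as
// "-beta.1" is ignored, i.e. treated like the corresponding release.
function parseSemver(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  if (!m) throw new Error(`not a semver string: ${version}`);
  return m.slice(1, 4).map(Number);
}

// Component-wise numeric comparison: -1 if a < b, 0 if equal, 1 if a > b.
function compareSemver(a, b) {
  const [pa, pb] = [parseSemver(a), parseSemver(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// True when AFFECTED_MIN <= version < PATCHED.
function isAffectedSentryAstro(version) {
  return compareSemver(version, AFFECTED_MIN) >= 0 &&
         compareSemver(version, PATCHED) < 0;
}

// Scan the "packages" map of a package-lock.json (lockfileVersion 2 or 3);
// nested copies under other dependencies are caught by the path suffix test.
function auditLockfile(lockJson) {
  const lock = JSON.parse(lockJson);
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/@sentry/astro") && entry.version) {
      findings.push({ path, version: entry.version,
                      affected: isAffectedSentryAstro(entry.version) });
    }
  }
  return findings;
}

// Constructed sample lockfile: one affected copy and one patched copy.
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "node_modules/@sentry/astro": { version: "7.80.1" },
    "node_modules/some-dep/node_modules/@sentry/astro": { version: "7.87.0" },
  },
});

console.log(auditLockfile(SAMPLE_LOCK));
```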
https://docs.sentry.io/platforms/javascript/guides/astro/manual-setup/#disable-auto-server-instrumentation
https://github.com/advisories/GHSA-x3v3-8xg8-8v72
https://github.com/getsentry/sentry-javascript/commit/fe24eb5eefa9d27b14b2b6f9ebd1debca1c208fb
https://github.com/getsentry/sentry-javascript/pull/9815
https://github.com/getsentry/sentry-javascript/security/advisories/GHSA-x3v3-8xg8-8v72
https://nvd.nist.gov/vuln/detail/CVE-2023-50249
https://www.npmjs.com/package/@sentry/astro/v/7.87.0