Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via the ComposeViewHierarchyNode object. An attacker can access unmasked sensitive data by reviewing Android session replays that include text composables. Note: This ...

sentry-android unmasked sensitive data in Android Session Replays for users of Jetpack Compose 1.8+

Impact Under specific circumstances, text composables may contain unmasked sensitive data in Android session replays. You may be impacted if you meet the following conditions: - Using any sentry-android with versions = 1.8.0-alpha08 - This includes any alpha, beta, release candidate, or general...

GHSA-7CJH-XX4R-QH3F sentry-android unmasked sensitive data in Android Session Replays for users of Jetpack Compose 1.8+

Impact Under specific circumstances, text composables may contain unmasked sensitive data in Android session replays. You may be impacted if you meet the following conditions: - Using any sentry-android with versions = 1.8.0-alpha08 - This includes any alpha, beta, release candidate, or general...

PT-2025-27499 · Maven · Io.Sentry:Sentry-Android +1

Impact Under specific circumstances, text composables may contain unmasked sensitive data in Android session replays. You may be impacted if you meet the following conditions: - Using any sentry-android with versions = 1.8.0-alpha08 - This includes any alpha, beta, release candidate, or general...

The vulnerability of the library for implementing navigation in Android Jetpack Navigation Library lies in the improper definition of symbolic links before accessing a file. This allows attackers to bypass existing security restrictions, gain unauthorized access to the application, and inject arbitrary parameters into it.

The vulnerability of the Android Jetpack Navigation Library, which is used for navigation in applications, is related to incorrect definition of symbolic links before accessing the file. Exploiting this vulnerability can allow attackers to bypass existing security restrictions, gain unauthorized...

CVE-2024-0115

NVIDIA CV-CUDA for Ubuntu 20.04, Ubuntu 22.04, and Jetpack contains a vulnerability in Python APIs where a user may cause an uncontrolled resource consumption issue by a long running CV-CUDA Python process. A successful exploit of this vulnerability may lead to denial of service and data loss...

CVE-2024-9926

The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated users, such as subscriber to read arbitrary feedbacks data sent via the Jetpack Contact Form...

CVE-2024-4392

The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpvideo shortcode in all versions up to, and including, 13.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

CVE-2024-10382

There exists a code execution vulnerability in the Car App Android Jetpack Library. CarAppService uses deserialization logic that allows construction of arbitrary java classes. This can lead to arbitrary code execution when combined with specific Java deserialization gadgets. An attacker needs to...

CVE-2024-10858

The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com...

CVE-2023-47788

Missing Authorization vulnerability in Automattic Jetpack.This issue affects Jetpack: from n/a before 12.7...

CVE-2023-47774

Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack: from n/a before 12.7...

CVE-2023-27429

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin = 5.4.4 versions...

CVE-2023-2996

The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization...

CVE-2022-3919

The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2022-4497

The Jetpack CRM WordPress plugin before 5.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

CVE-2021-24374

The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhgvcs that allowed the comments of non-published...

CVE-2021-24229

The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreonsaveattachmentpatreonlevel AJAX action of the Patreon WordPress plugin before 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscribers to access a given attachment. This action is...

CVE-2020-5974

NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of privileges...

CVE-2018-20966

The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in the Products Per Page feature...