ROS-20260122-73-0006
Vulnerability in python-sentry-sdk related to bypassing the authentication procedure by using an alternate path or channel. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions...
ROS-20260122-73-0004
Vulnerability in python-sentry-sdk related to a flaw in the error reporting mechanism. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...
EUVD-2023-0828
Malicious code in bioql PyPI...
EUVD-2023-2851
Malicious code in bioql PyPI...
sentry-android unmasked sensitive data in Android Session Replays for users of Jetpack Compose 1.8+
Impact: Under specific circumstances, text composables may contain unmasked sensitive data in Android session replays. You may be impacted if you meet the following conditions: - Using any sentry-android with versions = 1.8.0-alpha08 - This includes any alpha, beta, release candidate, or general...
CVE-2024-40647
sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK < 2.8.0 allows the environment variables to be passed to subprocesses despite the env={} setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...
CVE-2023-50249
Sentry-Javascript is the official Sentry SDK for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading...
Linux Distros Unpatched Vulnerability : CVE-2024-40647
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK < 2.8.0 allows the environment variables to be passed to subprocesses despite th...
ROS-20241021-05
Vulnerability in Sentry SDK real-time crash reporting software is related to a leak of sensitive cookie values. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information...
openSUSE 15 Security Update : python-sentry-sdk (openSUSE-SU-2024:0214-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2024:0214-1 advisory. - CVE-2024-40647: Do not leak environment variables to child processes. bsc1228128 Tenable has extracted the preceding description block directly from th...
Security update for python-sentry-sdk (moderate)
openSUSE Security Update: Security update for python-sentry-sdk Announcement ID: openSUSE-SU-2024:0214-1 Rating: moderate References: 1228128 Cross-References: CVE-2024-40647 Affected Products: openSUSE Backports SLE-15-SP5 An update that fixes one vulnerability is now available. Description: Thi...
Information Leakage
Sentry-sdk is vulnerable to Information Leakage. The vulnerability is due to subprocess calls leaking environment variables when the Stdlib integration is enabled, which could allow an attacker to gain access to sensitive environment variables by exploiting the unintended passing of these variabl...
SUSE CVE-2024-40647
sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK < 2.8.0 allows the environment variables to be passed to subprocesses despite the env={} setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...
OPENSUSE-SU-2024:14209-1 python310-sentry-sdk-2.10.0-1.1 on GA media
These are all security issues fixed in the python310-sentry-sdk-2.10.0-1.1 package on the GA media of openSUSE Tumbleweed...
3lc (>=2.7.0 <=2.21.3), 3lc-ultralytics (>=0.1.0 <=0.1.5) +3998 more potentially affected by CVE-2024-40647 via sentry-sdk (>=2.0.0rc4 <=2.7.1)
sentry-sdk PYPI version =2.0.0rc4, =2.7.0, =0.1.0, =0.3.0, =0.1.0, =1.1.3, =0.3.4, =0.2.0a0, =1.0.5, =1.2.0, =0.1.0, =0.1.0, =0.1.0, =0.1.4 and more Source cves: CVE-2024-40647 Source advisory: OSV:GHSA-G92J-QHMH-64V2...
UBUNTU-CVE-2024-40647
sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK < 2.8.0 allows the environment variables to be passed to subprocesses despite the env={} setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...
CVE-2024-40647
CVE-2024-40647 affects the Python SDK for Sentry (sentry-sdk) prior to 2.8.0. With the Stdlib integration enabled by default, a bug causes environment variables to be passed to subprocesses in Python’s subprocess calls, even when env={} is specified. The issue is fixed in sentry-sdk 2.8.0 (and pa...
CVE-2024-40647
sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK < 2.8.0 allows the environment variables to be passed to subprocesses despite the env={} setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...
CVE-2024-40647 Unintentional exposure of environment variables to subprocesses in sentry-sdk
sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK < 2.8.0 allows the environment variables to be passed to subprocesses despite the env={} setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...
OPENSUSE-SU-2024:11791-1 python310-sentry-sdk-1.5.4-1.1 on GA media
These are all security issues fixed in the python310-sentry-sdk-1.5.4-1.1 package on the GA media of openSUSE Tumbleweed...