
6 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-0239

Malicious code in bioql PyPI...

CVSS 6.8 | AI score 5.9 | EPSS 0.00187
Exploits 0 | References 7
RedhatCVE
added 2025/05/23 2:30 a.m. | 4 views

CVE-2023-36829

Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry...

CVSS 6.8 | AI score 6.6 | EPSS 0.00187
Exploits 0 | References 1
Prion
added 2023/07/06 11:15 p.m. | 17 views

Cross site scripting

Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry...

CVSS 5.8 | AI score 5.3 | EPSS 0.00187
Exploits 0 | References 4 | Affected Software 1
Github Security Blog
added 2023/07/06 10:55 p.m. | 32 views

Sentry CORS misconfiguration

Impact: The Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry installation. This only affects installations that have system.base-hostname option explicitly set, as it is empty by...

CVSS 6.8 | AI score 6.6 | EPSS 0.00187
Exploits 0 | References 8 | Affected Software 1
OSV
added 2023/07/06 10:8 p.m. | 12 views

CVE-2023-36829 Sentry CORS misconfiguration vulnerability

Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry...

CVSS 6.8 | AI score 5.7 | EPSS 0.00187
Exploits 0 | References 6
securityvulns
added 2010/03/16 12:0 a.m. | 49 views

...because you can't get enough of clickjacking

I promise to post something more interesting shortly - but in the meantime, I wanted to drop a quick note about something kinda amusing. There was a considerable amount of buzz around clickjacking 1 in the past year or so. It is commonly believed that this simple attack can only be realistically...

AI score 0.3
Exploits 0