CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

Veracode•added 2024/07/19 7:19 a.m.•10 views

Information Leakage

Sentry-sdk is vulnerable to Information Leakage. The vulnerability is due to subprocess calls leaking environment variables when the Stdlib integration is enabled, which could allow an attacker to gain access to sensitive environment variables by exploiting the unintended passing of these variabl...

5.3CVSS7.1AI score0.00028EPSS

Exploits0References7Affected Software1

SUSE CVE•added 2024/07/19 2:38 a.m.•1 views

SUSE CVE-2024-40647

sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK 2.8.0 allows the environment variables to be passed to subprocesses despite the env= setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...

5.3CVSS6.8AI score0.00028EPSS

Exploits0References4

OSV•added 2024/07/18 5:18 p.m.•2 views

GHSA-G92J-QHMH-64V2 Sentry's Python SDK unintentionally exposes environment variables to subprocesses

Impact The bug in Sentry's Python SDK subprocess.checkoutput"env", env="TEST":"1" b'TEST=1\n' If you'd want to not pass any variables, you can set an empty dict: subprocess.checkoutput"env", env= b'' However, the bug in Sentry SDK 2.8.0 causes all environment variables to be passed to the...

2.5CVSS5.7AI score0.00028EPSS

Exploits0References11

OSV•added 2024/07/18 4:51 p.m.•11 views

CVE-2024-40647 Unintentional exposure of environment variables to subprocesses in sentry-sdk

5.3CVSS6.4AI score0.00028EPSS

Exploits0References9