2 matches found
CVE-2023-28117
CVE-2023-28117 affects the Sentry SDK for Python (Django integration) prior to 1.14.0. When sendDefaultPII is True and a custom SESSION_COOKIE_NAME or CSRF_COOKIE_NAME is used, cookies (including session cookies) can be leaked to Sentry, potentially enabling impersonation or privilege escalation ...
CVE-2023-46729
CVE-2023-46729 affects the Sentry JavaScript SDK for Next.js tunneling. An unsanitized input in the Next.js SDK tunnel endpoint allows making HTTP requests to arbitrary URLs and reflecting the response back to the user, exposing potential SSRF risks. This issue is limited to users who have the Ne...