sentry-sdk is vulnerable to Sensitive Information Disclosure. The vulnerability exists in the `cookies` function of `__init__.py` when `sendDefaultPII` is set to true, `SESSION_COOKIE_NAME` or `CSRF_COOKIE_NAME` uses a custom name, and Sentry's data scrubber is not configured, which allows an attacker to gain access to sensitive cookies and perform unauthorized actions.

CPE

Name | Operator | Version
---|---|---
sentry-sdk | le | 1.13.0
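
For the custom cookie names described above, a client-side scrubbing hook can mask the values before an event leaves the application. This is an added example, not code from sentry-sdk or from the advisory: the cookie names, the `[Filtered]` marker, the sample event and the event layout (`request.cookies`, `request.headers`) are assumptions, and the function is written to be passed as the `before_send` callback of `sentry_sdk.init`.

```python
# Assumed custom names, standing in for a project's SESSION_COOKIE_NAME and
# CSRF_COOKIE_NAME settings. Replace with the values your application uses.
SENSITIVE_COOKIE_NAMES = {"myapp_session", "myapp_csrf"}
FILTERED = "[Filtered]"


def scrub_cookie_header(raw, names=SENSITIVE_COOKIE_NAMES):
    """Mask sensitive values inside a raw Cookie header string."""
    parts = []
    for pair in raw.split(";"):
        name, sep, value = pair.strip().partition("=")
        if not name:
            continue  # skip empty segments such as a trailing ';'
        if name in names:
            value = FILTERED
        parts.append(f"{name}{sep}{value}")
    return "; ".join(parts)


def scrub_cookies(event, hint=None, names=SENSITIVE_COOKIE_NAMES):
    """before_send-style hook: mask custom-named session and CSRF cookies."""
    request = event.get("request") or {}

    # Parsed cookies (assumed to be a name -> value mapping).
    cookies = request.get("cookies")
    if isinstance(cookies, dict):
        for name in list(cookies):
            if name in names:
                cookies[name] = FILTERED

    # The raw Cookie header carries the same values a second time.
    headers = request.get("headers")
    if isinstance(headers, dict):
        for key, value in list(headers.items()):
            if key.lower() == "cookie" and isinstance(value, str):
                headers[key] = scrub_cookie_header(value, names)

    return event


# Constructed sample event, not captured from a real application.
SAMPLE_EVENT = {
    "request": {
        "cookies": {"myapp_session": "s3cr3t", "theme": "dark"},
        "headers": {"Cookie": "myapp_session=s3cr3t; theme=dark; myapp_csrf=tok"},
    }
}
```
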