High severity · NVD Advisory · Published Dec 20, 2023 · Updated Aug 2, 2024
Sentry's Astro SDK vulnerable to ReDoS
CVE-2023-50249
Description
Sentry-Javascript is the official set of Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK, versions 7.78.0 through 7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading to denial of service (DoS). This vulnerability has been patched in sentry/astro version 7.87.0.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| @sentry/astro (npm) | >= 7.78.0, < 7.87.0 | 7.87.0 |
Affected products
- Range: >= 7.78.0, < 7.87.0
References
- github.com/advisories/GHSA-x3v3-8xg8-8v72 (source: ghsa; type: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-50249 (source: ghsa; type: ADVISORY)
- docs.sentry.io/platforms/javascript/guides/astro/manual-setup/ (source: ghsa; type: WEB)
- github.com/getsentry/sentry-javascript/commit/fe24eb5eefa9d27b14b2b6f9ebd1debca1c208fb (source: ghsa, x_refsource_MISC; type: WEB)
- github.com/getsentry/sentry-javascript/pull/9815 (source: ghsa, x_refsource_MISC; type: WEB)
- github.com/getsentry/sentry-javascript/security/advisories/GHSA-x3v3-8xg8-8v72 (source: ghsa, x_refsource_CONFIRM; type: WEB)
- www.npmjs.com/package/@sentry/astro/v/7.87.0 (source: ghsa; type: WEB)