Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request for Patch: CVE-2022-37601 in Sentry Version 24.8.0 #82601

Open
riki-nitdgp opened this issue Dec 27, 2024 · 1 comment
Open

Request for Patch: CVE-2022-37601 in Sentry Version 24.8.0 #82601

riki-nitdgp opened this issue Dec 27, 2024 · 1 comment
Labels
Waiting for: Support

Comments

@riki-nitdgp
Copy link

riki-nitdgp commented Dec 27, 2024
edited
Loading

Description

  • I would like to report a potential security vulnerability, CVE-2022-37601, that may affect Sentry version 24.8.0. This vulnerability could pose a risk to the security and stability of systems using this version of Sentry.

CVE Details
CVE ID: CVE-2022-37601

Description: This vulnerability involves improper input validation, which could potentially allow an attacker to execute arbitrary code or cause a denial of service. (Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js.) webpack/loader-utils#212
Impact: Exploiting this vulnerability could lead to unauthorized access to sensitive information or service disruption.
Impact Analysis: https://security.snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105

References

Additional Information

  • We are currently in the process of upgrading our self-hosted Sentry instance from version 24.3.0 to 24.8.0. According to the Sentry documentation on self-hosted releases, version 24.8.0 is a mandatory upgrade step before proceeding to any later versions.

Request

Given the mandatory nature of upgrading to version 24.8.0 before moving to newer versions, I kindly request a patch to address CVE-2022-37601 in this version. This will ensure the security and stability of our systems during the upgrade process.

Your prompt attention to this matter would be greatly appreciated.

Suggested Remediation

  • Provide a patch or workaround specifically for Sentry version 24.8.0 to mitigate this vulnerability.
  • Alternatively, guidance on secure configurations or temporary measures to protect against this vulnerability would be appreciated.

Additional Information
I appreciate your attention to this matter and your ongoing efforts to maintain the security of Sentry. If further information is needed to assist with this request, please let me know.

Thank you for your support.
@getsantry
Copy link
Contributor

getsantry bot commented Dec 27, 2024

Assigning to @getsentry/support for routing ⏲️

@getsantry getsantry bot moved this to Waiting for: Support in GitHub Issues with 👀 3 Dec 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Waiting for: Support
Projects
GitHub Issues with 👀 3
Status: Waiting for: Support
Milestone
No milestone
Development

No branches or pull requests
1 participant
@riki-nitdgp