// For flags

CVE-2023-50249

Sentry's Astro SDK vulnerable to ReDoS

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading to denial of service (DoS). This vulnerability has been patched in sentry/astro version 7.87.0.

Sentry-Javascript es el SDK oficial de Sentry para JavaScript. Se ha identificado una vulnerabilidad ReDoS (Denegación de servicio de expresión regular) en Astro SDK 7.78.0-7.86.0 de Sentry. Bajo ciertas condiciones, esta vulnerabilidad permite que un atacante provoque tiempos de cálculo excesivos en el servidor, lo que lleva a una denegación de servicio (DoS). Esta vulnerabilidad ha sido parcheada en sentry/astro versión 7.87.0.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-12-05 CVE Reserved
  • 2023-12-20 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-11-19 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-400: Uncontrolled Resource Consumption
  • CWE-1333: Inefficient Regular Expression Complexity
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sentry
Search vendor "Sentry"
Astro
Search vendor "Sentry" for product "Astro"
>= 7.78.0 < 7.87.0
Search vendor "Sentry" for product "Astro" and version " >= 7.78.0 < 7.87.0"
node.js
Affected