Unknown · Sentry Sdk · CVE-2024-40647
**Name of the Vulnerable Software and Affected Versions**
sentry-sdk versions prior to 2.8.0
**Description**
A bug in the sentry-sdk allows environment variables to be passed to subprocesses despite the `env={}` setting. In Python's `subprocess` calls, all environment variables are passed to subprocesses by default. However, if you specifically do not want them to be passed to subprocesses, you may use the `env` argument in `subprocess` calls. Due to the bug in sentry-sdk, with the Stdlib integration enabled, this expectation is not fulfilled, and all environment variables are being passed to subprocesses instead.
**Recommendations**
To resolve the issue, upgrade to sentry-sdk version 2.8.0 or later.
As a temporary workaround, consider replacing `env={}` with a minimal dict, such as `env={"EMPTY_ENV": "1"}`, or disable the Stdlib integration by removing `sentry_sdk.integrations.stdlib.StdlibIntegration` from `sentry_sdk.integrations._DEFAULT_INTEGRATIONS` before initializing sentry_sdk.
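The following is an added example, not code from the sentry-sdk project or from this advisory. It gives a defender a concrete way to verify whether subprocess environment isolation holds in a given Python process: it plants a canary variable in the parent, spawns a child with an explicit `env` mapping, and reports whether the canary reached the child. Run after `sentry_sdk.init()` on an affected version, `env={}` would show the canary leaking; the two helper resolvers (`resolve_env_truthiness_bug` and `resolve_env_fixed`) are hypothetical illustrations of the general "empty mapping is falsy" pitfall and of why the `{"EMPTY_ENV": "1"}` workaround helps, not a reproduction of sentry-sdk's internals. The canary name is constructed, and a POSIX host is assumed (Python on Windows needs `SYSTEMROOT` to start a child).

```python
"""Check whether subprocess env isolation actually holds.

Added example (not sentry-sdk code). Plants a canary in the parent
environment, starts a child with an explicit ``env`` mapping and reports
which variable names the child observed. Assumes a POSIX host.
"""
import json
import os
import subprocess
import sys

# Constructed canary name; anything not otherwise set in the parent works.
CANARY = "ENV_LEAK_CANARY"

# The child only reports the variable names it was started with.
CHILD_CODE = "import json, os, sys; sys.stdout.write(json.dumps(sorted(os.environ)))"


def resolve_env_truthiness_bug(env):
    """Hypothetical wrapper showing the pitfall class, NOT sentry-sdk's code:
    ``{}`` is falsy, so ``env or os.environ`` silently falls back to
    inheriting the full parent environment."""
    return dict(env or os.environ)


def resolve_env_fixed(env):
    """Correct fallback: only ``None`` means 'inherit', an empty dict is honoured."""
    return dict(env if env is not None else os.environ)


def child_env_names(env, resolve=None):
    """Spawn a Python child with ``env`` (optionally passed through a resolver
    first) and return the sorted list of variable names the child saw."""
    if resolve is not None:
        env = resolve(env)
    proc = subprocess.run(
        [sys.executable, "-c", CHILD_CODE],
        env=env,
        capture_output=True,
        text=True,
        check=True,
    )
    return json.loads(proc.stdout)


def canary_leaks(env, resolve=None):
    """Set the canary in this process, spawn a child with ``env`` and return
    True if the canary reached the child even though ``env`` did not contain it."""
    previous = os.environ.get(CANARY)
    os.environ[CANARY] = "leaked"
    try:
        return CANARY in child_env_names(env, resolve)
    finally:
        # Restore the parent environment so the check has no side effects.
        if previous is None:
            del os.environ[CANARY]
        else:
            os.environ[CANARY] = previous


def isolation_report(resolve=None):
    """Run the check for the three mappings the advisory discusses."""
    return {
        "inherit (env=None)": canary_leaks(None, resolve),
        "empty mapping (env={})": canary_leaks({}, resolve),
        "workaround (env={'EMPTY_ENV': '1'})": canary_leaks({"EMPTY_ENV": "1"}, resolve),
    }


if __name__ == "__main__":
    # Baseline for the current process, then the hypothetical buggy resolver.
    for label, resolve in (("plain subprocess", None),
                           ("truthiness-bug wrapper", resolve_env_truthiness_bug)):
        print(label)
        for case, leaked in isolation_report(resolve).items():
            print(f"  {case}: {'LEAK' if leaked else 'isolated'}")
```

With no instrumentation, `env={}` keeps the canary out of the child; routed through the truthiness-bug wrapper the empty mapping leaks while the non-empty `{"EMPTY_ENV": "1"}` mapping stays isolated, which is exactly why the advisory's temporary workaround is effective. The check only inspects variable names, so it can be run in production-like environments without printing secret values.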