Bugsink · Bugsink · CVE-2026-47728
**Name of the Vulnerable Software and Affected Versions**
Bugsink versions prior to 2.2.0
**Description**
Bugsink is a self-hosted error tracking tool. It resolved sourcemaps and debug files by debug ID without scoping the lookup to the project that owned the uploaded metadata. An authenticated user with access to one project could cause event processing to use sourcemap or debug-file metadata uploaded for another project within the same instance if the same debug ID was referenced. This could lead to the disclosure of source context or symbolication-derived context from other projects. For minidumps and debug files, this issue requires the experimental `FEATURE MINIDUMPS` to be enabled.
**Recommendations**
Update to version 2.2.0.
After upgrading, upload sourcemaps and debug files with project information.
Run the command `bugsink-manage delete legacy sourcemaps` after upgrading to remove legacy projectless sourcemap metadata.
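
The lookup flaw described above next to a project-scoped lookup, as an added example that is not Bugsink's code. The table layout, function names and sample rows are constructed assumptions, with projectless legacy metadata modelled as a NULL project.

```python
import sqlite3

def make_store():
    """In-memory metadata table; schema and rows are constructed for illustration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE debug_meta (project_id INTEGER, debug_id TEXT, source TEXT)")
    db.executemany("INSERT INTO debug_meta VALUES (?, ?, ?)", [
        (1, "aaaa-1111", "project 1 source context"),
        (2, "bbbb-2222", "project 2 source context"),
        (None, "cccc-3333", "legacy upload, owner unknown"),  # projectless legacy row
    ])
    return db

def resolve_unscoped(db, event_project_id, debug_id):
    """Flawed pattern: the debug ID alone selects the row; the event's project is ignored."""
    row = db.execute("SELECT source FROM debug_meta WHERE debug_id = ?", (debug_id,)).fetchone()
    return row[0] if row else None

def resolve_scoped(db, event_project_id, debug_id):
    """Scoped pattern: the row must belong to the project that received the event.
    `project_id = ?` never matches NULL, so projectless rows are not a fallback."""
    row = db.execute(
        "SELECT source FROM debug_meta WHERE project_id = ? AND debug_id = ?",
        (event_project_id, debug_id),
    ).fetchone()
    return row[0] if row else None

def cross_project_refs(db, events):
    """Audit helper: events whose debug ID is owned by another project, or by none."""
    hits = []
    for project_id, debug_id in events:
        owners = {r[0] for r in db.execute(
            "SELECT project_id FROM debug_meta WHERE debug_id = ?", (debug_id,))}
        if owners and project_id not in owners:
            hits.append((project_id, debug_id))
    return hits

def delete_projectless(db):
    """Remove metadata rows that have no owning project; returns the number deleted."""
    return db.execute("DELETE FROM debug_meta WHERE project_id IS NULL").rowcount

if __name__ == "__main__":
    db = make_store()
    print("unscoped:", resolve_unscoped(db, 1, "bbbb-2222"))
    print("scoped:  ", resolve_scoped(db, 1, "bbbb-2222"))
    print("audit:   ", cross_project_refs(db, [(1, "aaaa-1111"), (1, "bbbb-2222")]))
    print("deleted: ", delete_projectless(db))
```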