PT-2023-31507 · Sentry · Astro Sdk

Alek-Sentry

·

Published

2023-12-18

·

Updated

2023-12-28

·

CVE-2023-50249

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Sentry's Astro SDK, versions 7.78.0 through 7.86.0

Description

A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK. Under certain conditions it allows an unauthenticated remote attacker to cause excessive computation time on the server with a single crafted request, leading to denial of service (DoS); confidentiality and integrity are not affected, which is why the vector scores availability only. Applications using Sentry's Astro SDK are affected if they use Sentry instrumentation, have manually registered the Sentry middleware, or have configured Astro in SSR (server) or hybrid mode. They must also have configured routes with at least two path params.

Recommendations

For versions 7.78.0 through 7.86.0, upgrade to version 7.87.0, which patches the vulnerability. As a temporary workaround, disable auto instrumentation if you are using Astro 3.5.0 or newer, and remove any manually added Sentry middleware. This prevents the vulnerable code path from being reached, but some details such as server-side transactions will be omitted until instrumentation is re-enabled after upgrading.
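The advisory does not reproduce the affected code. What follows is an added example, not Sentry's code or the actual patch, of the vulnerability class it describes: a server-side middleware helper that rebuilds a parameterised route name (for a transaction name) from the request path by turning each matched param value into a RegExp. Because the values come straight from the URL, one param can supply a pattern with nested quantifiers and a second param a long run of characters for that pattern to backtrack over, which is why at least two path params are needed. The function names, the `/[user]/[post]` route, the request and the hardened variants are all hypothetical.

```javascript
// Added example (not Sentry's code): route interpolation of the kind an
// observability middleware does to derive a transaction name, shown once with an
// attacker-controlled RegExp (ReDoS) and twice hardened. All names hypothetical.

// Vulnerable: builds a RegExp from each matched param value without escaping.
// A value such as "(a+)+b" becomes part of the pattern, and a second param that
// supplies a long run of "a" characters gives the engine something to backtrack
// over exponentially. Needs >= 2 params to trigger, as in the advisory.
function interpolateRouteUnsafe(pathname, params) {
  return Object.keys(params).reduce((route, key) => {
    const value = params[key];
    // BUG: `value` is interpolated straight into the pattern.
    const re = new RegExp(`/${value}(/|$)`);
    return route.replace(re, `/[${key}]$1`);
  }, pathname);
}

// Hardened, variant A: do not build a regex from untrusted data at all; compare
// path segments to param values exactly. Linear in the path length.
function interpolateRouteSafe(pathname, params) {
  // Invert params so a segment value can be looked up directly.
  const byValue = new Map();
  for (const [key, value] of Object.entries(params)) {
    if (typeof value === 'string') byValue.set(value, key);
  }
  return pathname
    .split('/')
    .map((segment) => (byValue.has(segment) ? `[${byValue.get(segment)}]` : segment))
    .join('/');
}

// Hardened, variant B: if a regex is really needed, escape metacharacters first
// so the value can only ever match itself literally.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}
function interpolateRouteEscaped(pathname, params) {
  return Object.keys(params).reduce((route, key) => {
    const re = new RegExp(`/${escapeRegExp(params[key])}(/|$)`);
    return route.replace(re, `/[${key}]$1`);
  }, pathname);
}

// Times one interpolation call. The unsafe variant grows roughly as 2^n in the
// length n of the "a" run; the hardened ones stay flat.
function timeInterpolation(fn, pathname, params) {
  const start = process.hrtime.bigint();
  const route = fn(pathname, params);
  const ms = Number(process.hrtime.bigint() - start) / 1e6;
  return { route, ms };
}

// Constructed malicious request against a route like /[user]/[post]: `user`
// carries the pattern, `post` carries the run the pattern backtracks over.
// Param values arrive URL-decoded; the pathname is shown already decoded too.
function maliciousRequest(n) {
  const run = 'a'.repeat(n);
  return { pathname: `/(a+)+b/${run}`, params: { user: '(a+)+b', post: run } };
}

// Small n so the file runs quickly: ~2^18 backtracking steps is measurable but
// not a hang. Raise n to the high twenties to see the unsafe variant take
// seconds per request, i.e. the DoS.
const n = 18;
const { pathname, params } = maliciousRequest(n);
for (const fn of [interpolateRouteUnsafe, interpolateRouteSafe, interpolateRouteEscaped]) {
  const { route, ms } = timeInterpolation(fn, pathname, params);
  console.log(`${fn.name.padEnd(25)} ${ms.toFixed(2)} ms  -> ${route}`);
}
```

Note that the unsafe variant does not even name the route correctly on the malicious input: the attacker's pattern never matches, so the transaction name keeps the raw first segment while the CPU burns. Variant A is the more robust design since it removes the regex construction entirely; variant B is the minimal change if an existing regex-based matcher must be kept.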

Exploit

Fix

DoS

Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2023-50249
GHSA-X3V3-8XG8-8V72

Affected Products

Astro Sdk