PT-2024-40120 · Sentry · Sentry-React-Native

Published: 2024-03-01 · Updated: 2024-03-01

Severity: None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: sentry-react-native versions 5.16.0 through 5.19.0
Description: The optional authToken configuration parameter, intended for debugging purposes, accepts a Sentry auth token. A token set there could be built into the application bundle and potentially exposed if the application bundle is published.
Recommendations: For sentry-react-native versions 5.16.0 through 5.19.0, remove the authToken from the plugin configuration to prevent potential exposure. If you had set the authToken in the plugin config previously and built and published an app with that config, rotate your token. For versions 5.19.1 and later, the behavior that allowed setting an authToken parameter is fixed, and setting this parameter will result in a warning and the authToken being removed before bundling the application.
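
The check recommended above can be scripted. The following is an added example, not code from Sentry or from this advisory: it flags an authToken left in the plugin configuration and tells you whether the installed SDK version falls in the affected range. It assumes an Expo-style app config in which the plugin is registered as ["@sentry/react-native/expo", { ...options }]; the function names and the sample config are constructed for illustration.

```javascript
// Added example: audit an Expo-style app config for an embedded Sentry authToken.
// Assumption (not stated on this page): the plugin is registered under
// expo.plugins as ["@sentry/react-native/expo", { ...options }].
const AFFECTED_MIN = [5, 16, 0]; // affected range from the advisory
const AFFECTED_MAX = [5, 19, 0];

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function isAffectedVersion(v) {
  const p = parseVersion(v);
  return p !== null && compare(p, AFFECTED_MIN) >= 0 && compare(p, AFFECTED_MAX) <= 0;
}

// Names of Sentry plugin entries whose options object carries an authToken key.
function findAuthTokenPlugins(appConfig) {
  const root = appConfig.expo || appConfig;
  const plugins = Array.isArray(root.plugins) ? root.plugins : [];
  return plugins
    .filter((p) => Array.isArray(p) && typeof p[0] === 'string' && p[1] && typeof p[1] === 'object')
    .filter(([name, opts]) => name.startsWith('@sentry/react-native') && 'authToken' in opts)
    .map(([name]) => name);
}

function audit(appConfig, installedVersion) {
  const plugins = findAuthTokenPlugins(appConfig);
  if (plugins.length === 0) return { status: 'ok', plugins };
  // In 5.16.0-5.19.0 the token can reach the bundle: remove it, and rotate it
  // if a build was published. Later versions warn and strip it before bundling.
  const status = isAffectedVersion(installedVersion) ? 'affected' : 'remove-from-config';
  return { status, plugins };
}

// Constructed sample config; the token is a placeholder, not a real credential.
const sampleConfig = { expo: { name: 'demo', plugins: [
  'expo-router',
  ['@sentry/react-native/expo', { organization: 'example-org', project: 'example-app', authToken: 'PLACEHOLDER_TOKEN' }],
] } };

console.log(audit(sampleConfig, '5.17.0'));
```

Pass the resolved version from the installed package rather than a range such as ^5.17.0, which the parser rejects and treats as not affected.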

Information Disclosure

Weakness Enumeration

Related Identifiers: GHSA-68C2-4MPX-QH95

Affected Products: Sentry-React-Native