PT-2025-47977 · Sentry · Sentry-Javascript

Published 2025-11-24 · Updated 2025-11-25 · CVE-2025-65944

CVSS v4.0: 5.1 (Medium)
Vector: AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L
Name of the Vulnerable Software and Affected Versions: Sentry-Javascript versions 10.11.0 through 10.26.9

Description: Sentry-Javascript is the official Sentry SDK for JavaScript. When a Node.js application using the SDK has sendDefaultPii set to true, sensitive HTTP headers, including the Cookie header, can be inadvertently sent to Sentry. These headers are stored within the Sentry organization as part of the associated trace, potentially allowing anyone with access to that organization to view and reuse the values for impersonation or privilege escalation. The sendDefaultPii option controls whether the SDK sends Personally Identifiable Information (PII).

Recommendations: Update to version 10.27.0 or later.
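As an added defensive example (not code from the advisory or from the Sentry SDK), the hook below redacts sensitive request headers from an event before the SDK transmits it, which limits exposure in deployments that keep sendDefaultPii enabled. It assumes the SDK's event shape (headers under event.request.headers) and the beforeSend / beforeSendTransaction hooks; the sample event is constructed for the demonstration.

```javascript
// Header names (lower-case) that must never reach the Sentry organization.
const SENSITIVE_HEADERS = new Set([
  'cookie', 'set-cookie', 'authorization', 'proxy-authorization', 'x-api-key',
]);

// Return a copy of `event` with sensitive request headers replaced by
// '[Filtered]'. Names are matched case-insensitively; events without request
// headers are returned unchanged; the input object is never mutated.
function scrubSensitiveHeaders(event) {
  const headers = event && event.request && event.request.headers;
  if (!headers || typeof headers !== 'object') return event;
  const scrubbed = {};
  for (const [name, value] of Object.entries(headers)) {
    scrubbed[name] = SENSITIVE_HEADERS.has(name.toLowerCase()) ? '[Filtered]' : value;
  }
  return { ...event, request: { ...event.request, headers: scrubbed } };
}

// Constructed sample event resembling what the Node SDK captures for an
// incoming HTTP request when sendDefaultPii is true (assumed shape).
const sampleEvent = {
  event_id: 'constructed-example',
  request: {
    url: 'https://app.example.test/account',
    method: 'GET',
    headers: {
      Host: 'app.example.test',
      Cookie: 'session=constructed-session-token',
      Authorization: 'Bearer constructed-token',
      'User-Agent': 'example-client/1.0',
    },
  },
};

// With the SDK the hook would be registered as:
//   Sentry.init({ sendDefaultPii: true,
//                 beforeSend: scrubSensitiveHeaders,
//                 beforeSendTransaction: scrubSensitiveHeaders });
// Here it is applied directly to the constructed event.
console.log(JSON.stringify(scrubSensitiveHeaders(sampleEvent).request.headers));
```

Upgrading to 10.27.0 remains the fix; the hook is a belt-and-braces control that also covers headers an application adds itself.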

Related Identifiers

CVE-2025-65944
GHSA-6465-JGVQ-JHGP

Affected Products

Sentry-Javascript