Getsentry Sentry-Python vulnerabilities
2 known vulnerabilities affecting getsentry/sentry-python.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM: 2
Vulnerabilities
CVE-2024-40647 | MEDIUM | CVSS 5.3 | CWE-200 | fixed in 2.8.0 | 2024-07-18
sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK < 2.8.0 allows the environment variables to be passed to subprocesses despite the `env={}` setting. In Python's `subprocess` calls, all environment variables are passed to subprocesses by default. However, if you specifically do not want them to be passed to subprocess
nvd, osv
CVE-2023-28117 | MEDIUM | CVSS 6.5 | CWE-201 | fixed in 1.14.0 | 2023-03-22
Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration, it is possible to leak sensitive cookie values, including the session cookie, to Sentry. These sensitive cookies could then be used by someone with access to
nvd