CVE-2025-65944MEDIUM≥ 10.11.0, < 10.27.02025-11-24
CVE-2025-65944 [MEDIUM] CWE-201 Sentry's sensitive headers are leaked when `sendDefaultPii` is set to `true`
Sentry's sensitive headers are leaked when `sendDefaultPii` is set to `true`
### Impact
In version 10.11.0, a change to how the SDK collects request data in Node.js applications caused certain incoming HTTP headers to be added as trace span attributes. When `sendDefaultPii: true` was set, a few headers that were previously redacted - including Authorization and Cookie - were unintentiona
ghsaosv