CVE-2021-47935
Severity: HIGH
WAF: Medium
CVSS 8.8
Published: 2026-05-10
CWE-94
Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint with base64-encoded compressed pickle payloads in the data field to achieve code execution with application privileges.
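The payload layout described above can be screened without deserializing it. This is an added defensive example, not Sentry's code; it assumes the compression is zlib, and `inspect_field`, `encode` and the sample values are hypothetical names constructed for illustration.

```python
import base64
import pickle
import pickletools
import zlib
from collections import OrderedDict

# Opcodes that import or call objects while unpickling; plain dict/list/str data needs none.
RISKY = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX",
         "REDUCE", "BUILD", "EXT1", "EXT2", "EXT4"}
MAX_BYTES = 1 << 20  # decompression cap (assumed limit) against zip bombs


def inspect_field(value):
    """Classify a submitted field value by static opcode scan; never calls pickle.loads."""
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "not-base64", []
    try:
        inflater = zlib.decompressobj()
        body = inflater.decompress(raw, MAX_BYTES)
    except zlib.error:
        return "not-zlib", []
    if inflater.unconsumed_tail:
        return "oversized", []
    found, complete = [], False
    try:
        for op, _arg, _pos in pickletools.genops(body):
            if op.name in RISKY:
                found.append(op.name)
            complete = op.name == "STOP"
    except Exception:  # truncated or malformed opcode stream
        pass
    if found:
        return "reject", found  # fail closed even if the stream is malformed
    return ("data-only-pickle" if complete else "not-pickle"), found


def encode(obj):
    """Build a constructed sample in the assumed base64(zlib(pickle)) layout."""
    return base64.b64encode(zlib.compress(pickle.dumps(obj, protocol=2))).decode()


# Constructed samples: a plain dict, and a harmless object that still needs GLOBAL + REDUCE.
PLAIN = encode({"reason": "rotated key"})
WITH_CALLABLE = encode(OrderedDict(a=1))

if __name__ == "__main__":
    for name, sample in (("plain", PLAIN), ("with_callable", WITH_CALLABLE)):
        print(name, inspect_field(sample))
```

A pattern-matching WAF rule sees only the base64 text, which is why the decode and decompress steps have to happen before any opcode check is meaningful.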
WAF Coverage Analysis
Code Injection
Medium WAF Coverage
OWASP: A03:2021 Injection
- 932xxx - Remote Code Execution
- 933xxx - PHP Injection
- 934xxx - Node.js / Generic Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| sentry | sentry | 8.2.0 |
References
- sentry.io (Product)
- www.exploit-db.com (Exploit, VDB Entry)
- www.vulncheck.com (Third Party Advisory)