Key Information

Title: Sensitive HTTP headers may be inadvertently sent to Sentry when is set to
Package: @sentry/node (npm)
Affected Versions: >=10.11.0, =10.27.0
Severity: Moderate (5.1/10)
CVE ID: CVE-2025-65944
CWE: CWE-201 (Sensitive Information Exposure)

Description

Impact:
- In version 10.11.0, a change in the SDK caused certain HTTP headers to be included as trace span attributes when was set. Headers like and were exposed.
- Sentry's server-side scrubbing (Relay proxy) failed to catch these headers due to similar matching logic.

You may be impacted if:
1. Your Sentry SDK config has .
2. You use Sentry Node.js SDK versions >=10.11.0, <10.27.0.

Patches

The issue is fixed in all Sentry JavaScript SDKs starting from version .

Workarounds

Upgrade to the latest SDK version, or later. Alternatively, set if upgrading is not possible.
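
One way to check whether a project resolves an affected `@sentry/node` version, as an added example (not code from Sentry or from this advisory): it scans the `packages` map of an npm lockfile, nested copies included, against the range >=10.11.0, <10.27.0 stated above. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag affected @sentry/node entries in a package-lock.json.
const FIRST_AFFECTED = [10, 11, 0]; // from the advisory: >=10.11.0
const FIRST_FIXED = [10, 27, 0];    // from the advisory: <10.27.0

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]" into { core, pre }.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  if (!m) return null;
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// Compare with a release triple; a prerelease sorts just below its own core version.
function compareToRelease(ver, release) {
  for (let i = 0; i < 3; i++) {
    if (ver.core[i] !== release[i]) return ver.core[i] < release[i] ? -1 : 1;
  }
  return ver.pre ? -1 : 0;
}

function isAffected(version) {
  const ver = parseVersion(version);
  if (!ver) return false; // unparseable (e.g. a git URL): review by hand
  return compareToRelease(ver, FIRST_AFFECTED) >= 0 && compareToRelease(ver, FIRST_FIXED) < 0;
}

// Walk the "packages" map of a lockfile (lockfileVersion 2 or 3).
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/@sentry/node") && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile, not taken from any real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@sentry/node": { version: "10.27.0" },
    "node_modules/some-lib/node_modules/@sentry/node": { version: "10.12.0" },
    "node_modules/@sentry/core": { version: "10.12.0" },
  },
};

console.log(findAffected(sampleLock));
```

Against a real project, pass the parsed contents of `package-lock.json` to `findAffected`; a transitive dependency can pin an affected copy even when the top-level version is fixed.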