CVE-2021-47935— Sentry 8.2.0 Remote Code Execution via Pickle Deserialization
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-47935
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sentry 8.2.0 Remote Code Execution via Pickle Deserialization
Source: NVD (National Vulnerability Database)
Vulnerability Description
Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint with base64-encoded compressed pickle payloads in the data field to achieve code execution with application privileges.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Sentry 代码注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Sentry是Sentry开源的一个面向开发人员的错误跟踪和性能监控平台。 Sentry 8.2.0版本存在代码注入漏洞,该漏洞源于远程代码执行漏洞,允许认证超级用户通过审计日志条目数据参数注入恶意pickle序列化对象执行任意命令,攻击者可以向管理员审计日志端点提交包含base64编码压缩pickle有效载荷的特制POST请求,在数据字段中实现应用程序权限下的代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2021-47935
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-47935
请登录查看更多情报信息。
Exploit · 1Vendor · 1Advisory · 1
IV. Related Vulnerabilities
Same product: Sentry
- CVE-2026-42354
Sentry: Improper authentication on SAML SSO process allows u - CVE-2026-26004
Sentry allows unauthorized access to event data across organ - CVE-2026-27197
Sentry: Improper Authentication on SAML SSO process allows u - CVE-2023-39338
Ivanti Sentry 安全漏洞 - CVE-2025-53099
Sentry Missing Invalidation of Authorization Codes During OA
Same vendor: Sentry
Same weakness: CWE-94
- CVE-2021-47964
Schlix CMS 2.2.6-6 Remote Code Execution via core.blockmanag - CVE-2026-44717
MCP Calculate Server: Prompt Injection to RCE - CVE-2026-41258
OpenMRS: Stored Velocity SSTI to RCE via ConceptReferenceRan - CVE-2026-35194
Apache Flink: Remote code execution via SQL injection in cod - CVE-2026-8539
Chrome<148.0.7778.168 XSS漏洞
V. Comments for CVE-2021-47935
No comments yet