
Uncaught "URI malformed" error in baggageHeaderToObject due to invalid percent-encoding in baggage header #16251


Closed
3 tasks done
roman-antl-satoshilabs opened this issue May 12, 2025 · 2 comments · Fixed by #16257

@roman-antl-satoshilabs

Is there an existing issue for this?

How do you use Sentry?

Self-hosted/on-premise

Which SDK are you using?

@sentry/node - fastify

SDK Version

9.17.0

Framework Version

node.js

Link to Sentry event

No response

Reproduction Example/SDK Setup

Description:
When the Sentry SDK for Node.js receives a request with an invalid baggage header (containing malformed percent-encoding, e.g. %3G or %4Z), it throws an uncaught URIError: URI malformed exception. This happens because the function decodeURIComponent is used in baggageHeaderToObject.

This causes the entire Node.js process (e.g. Fastify server) to crash before any application-level error handling or middleware can run, making it impossible to sanitize or ignore the header at the application level.

Relevant Code:
Link here

Additional Context:

This issue cannot be worked around at the application level, since Sentry parses the header before any framework middleware or hooks are executed.
The only current workaround is to filter the header at the proxy/load balancer level, which is not always possible.
This can be exploited to cause a denial of service by sending malformed headers.

Steps to Reproduce

  1. Start a Node.js server with Sentry SDK enabled (e.g. Fastify, Express).
  2. Send a request with a baggage header containing invalid percent-encoding, e.g.: %20%3G%4Z
  3. Observe that the server crashes with a URIError: URI malformed originating from Sentry.

Expected Result

Sentry should gracefully handle invalid percent-encoding in the baggage header. Ideally, it should:

Ignore or skip invalid key-value pairs in the header.
Not crash the process.
Optionally log a warning or report the malformed header as a non-fatal event.

Actual Result

The process crashes with an uncaught exception:

URIError: URI malformed
    at decodeURIComponent (<anonymous>)
    at baggageHeaderToObject (.../sentry-javascript/packages/core/src/utils-hoist/baggage.ts:116:32)
    ...
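As an added illustration (not code from the issue or from the Sentry SDK), the following contrasts an unguarded parser that decodes every baggage entry with decodeURIComponent, which throws URIError on inputs like %3G, against a tolerant variant that drops the undecodable entry and reports it through a callback. The function names and the sample header are constructed for this example.

```javascript
// Constructed sample header: two well-formed entries and one carrying the
// malformed percent-escapes from the report ("%3G", "%4Z").
const SAMPLE_HEADER = 'sentry-environment=prod,sentry-release=1.0%3G%4Z,foo=%20bar';

// Mirrors the unguarded behaviour the report describes: any malformed
// escape in any entry raises URIError and aborts the whole parse.
function unguardedBaggageHeaderToObject(header) {
  return Object.fromEntries(
    header.split(',').map(entry => entry.split('=').map(decodeURIComponent))
  );
}

// decodeURIComponent throws URIError on malformed escapes; return null
// instead so the caller can skip just that entry. Other errors propagate.
function safeDecode(part) {
  try {
    return decodeURIComponent(part);
  } catch (e) {
    if (e instanceof URIError) return null;
    throw e;
  }
}

// Parse "k1=v1,k2=v2" into an object. Entries with no "=", an empty key,
// or an undecodable key/value are dropped and passed to onInvalid (a no-op
// by default) so they can be logged as a warning rather than crash the process.
function safeBaggageHeaderToObject(header, onInvalid = () => {}) {
  const out = {};
  if (typeof header !== 'string') return out;
  for (const entry of header.split(',')) {
    const trimmed = entry.trim();
    if (!trimmed) continue;
    const eq = trimmed.indexOf('=');
    if (eq === -1) { onInvalid(trimmed); continue; }
    const key = safeDecode(trimmed.slice(0, eq).trim());
    const value = safeDecode(trimmed.slice(eq + 1).trim());
    if (!key || value === null) { onInvalid(trimmed); continue; }
    out[key] = value;
  }
  return out;
}
```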
@mydea
Member

mydea commented May 12, 2025

Thanks for raising this, you are right, we should not fail on this - I'll put up a fix!

Contributor

A PR closing this issue has just been released 🚀

This issue was referenced by PR #16257, which was included in the 9.18.0 release.
