Lucene search
PRIOn knowledge basePRION:CVE-2023-46729HistoryNov 10, 2023 - 1:15 a.m.
Code injection
2023-11-1001:15:00
PRIOn knowledge base
www.prio-n.com
1
code injection
sentry-javascript
javascript
http requests
next.js sdk
tunneling
security vulnerability
nvd
sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has been fixed in version 7.77.0.
| CPE | Name | Operator | Version |
|---|---|---|---|
| sentry_software_development_kit | ge | 7.26.0 | |
| sentry_software_development_kit | lt | 7.77.0 |
Related
nvd
nvd
CVE-2023-46729
2023-11-10 01:15:07
osv
osv
Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint
2023-11-09 22:03:44
CVE-2023-46729
2023-11-10 01:15:07
veracode
veracode
Server Side Request Forgery
2023-11-10 06:45:50
cvelist
cvelist
cve
cve
CVE-2023-46729
2023-11-10 01:15:07
github
github
Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint
2023-11-09 22:03:44