CVE-2023-46729 - Server-Side Request Forgery (SSRF) vulnerability in Sentry Software Development Kit

CVSS 6.1 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: LOW
Integrity impact: LOW
Availability impact: NONE
Tags: network, low complexity, sentry, CWE-918

Summary

sentry-javascript provides Sentry SDKs for JavaScript. Unsanitized input to the Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have the Next.js SDK tunneling feature enabled. The problem has been fixed in version 7.77.0.

Vulnerable Configurations

Part         Description  Count
Application  Sentry       72

Common Weakness Enumeration (CWE)