An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0ycm1yLXh3OG0tMjJxOc4AA3B6
Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint
Unsanitized input to the Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This could open the door to other attack vectors:
- client-side vulnerabilities: XSS/CSRF in the context of the trusted domain;
- interaction with the internal network;
- reading cloud metadata endpoints (AWS, Azure, Google Cloud, etc.);
- local/remote port scanning.
This issue only affects users who have Next.js SDK tunneling feature enabled.
The problem has been fixed in @sentry/nextjs 7.77.0.
Workaround: disable tunneling by removing the tunnelRoute option from the Sentry Next.js SDK config.
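The defensive check that closes this class of bug is to never let the incoming envelope choose where the tunnel forwards to. The following is an added example, not code from the Sentry SDK or from this advisory: it parses the first line of a Sentry envelope (a JSON header carrying a `dsn` field), compares the envelope's DSN host and project id against the DSN the application was configured with, and only then builds the upstream URL. This mirrors the approach Sentry's own tunnel documentation describes for hand-written tunnels. The function names, the handler shape and the placeholder DSN value are this example's assumptions.

```javascript
// Added example (not Sentry SDK code): a tunnel endpoint must forward envelopes
// only to the host/project of the DSN it was configured with, never to a host
// named inside the request itself.

// Constructed placeholder DSN; a real deployment reads its own DSN from config.
const ALLOWED_DSN = "https://examplePublicKey@o000000.ingest.sentry.io/0000000";

// Extract the only two pieces of a DSN the tunnel needs to trust: host and project id.
function parseDsn(dsnString) {
  const url = new URL(dsnString);
  const projectId = url.pathname.replace(/^\/+/, "");
  if (!url.hostname || !projectId) throw new Error("invalid DSN");
  return { host: url.hostname, projectId };
}

// Build a constructed Sentry-style envelope (header line, item header, payload)
// carrying the given DSN, used as sample input for the check below.
function buildEnvelope(dsn) {
  const header = JSON.stringify({ event_id: "00000000000000000000000000000000", dsn });
  const itemHeader = JSON.stringify({ type: "event" });
  return `${header}\n${itemHeader}\n{}`;
}

// Returns the upstream envelope URL when the envelope's DSN matches the configured
// DSN exactly (host and project id), otherwise null. A null result means the request
// should be rejected and logged, not forwarded anywhere.
function resolveForwardTarget(envelopeText, allowedDsnString) {
  const allowed = parseDsn(allowedDsnString);
  const headerLine = envelopeText.split("\n")[0];
  let header;
  try {
    header = JSON.parse(headerLine);
  } catch {
    return null; // malformed envelope header
  }
  if (!header || typeof header.dsn !== "string") return null;
  let incoming;
  try {
    incoming = parseDsn(header.dsn);
  } catch {
    return null; // DSN in envelope is not a parseable URL
  }
  // Strict equality: the envelope cannot steer the tunnel to another host (SSRF)
  // or to a different project on the same host.
  if (incoming.host !== allowed.host || incoming.projectId !== allowed.projectId) {
    return null;
  }
  // The target is built from the *configured* DSN, not from the request.
  return `https://${allowed.host}/api/${allowed.projectId}/envelope/`;
}

// Handler sketch showing where the check sits: no outbound request is made unless
// resolveForwardTarget accepted the envelope. fetchImpl is injectable for testing.
async function tunnelHandler(envelopeText, allowedDsnString, fetchImpl = fetch) {
  const target = resolveForwardTarget(envelopeText, allowedDsnString);
  if (target === null) {
    return { status: 400, body: "rejected: envelope DSN does not match configured DSN" };
  }
  const res = await fetchImpl(target, { method: "POST", body: envelopeText });
  return { status: res.status, body: "" };
}
```

A detection-side note: every null result from resolveForwardTarget is worth a log line with the offending host, since a stream of envelopes naming internal or metadata-service hosts is a clear signal that someone is probing the tunnel.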
Source: GitHub Advisory Database
Published: 19 days ago
Updated: 11 days ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-2rmr-xw8m-22q9, CVE-2023-46729
Fixed in: 7.77.0