Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0ycm1yLXh3OG0tMjJxOc4AA3B6

Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint

Impact

Unsanitized input to the Next.js SDK tunnel endpoint lets an attacker make the server send HTTP requests to arbitrary URLs and reflect the responses back to the user (server-side request forgery, SSRF). This could open the door to other attack vectors:

This issue only affects users who have the Next.js SDK tunneling feature (the tunnelRoute option) enabled.
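To make the failure mode concrete, here is an added illustration of the tunnel pattern in plain Node.js. It is not the @sentry/nextjs implementation and does not claim to reproduce the exact defect; it shows the class of bug the advisory describes (upstream destination derived from client-controlled input, response relayed back) next to a resolver that pins the destination to the deployment's own ingest host and project ids. All hostnames, keys, project ids and envelope contents are constructed placeholders.

```javascript
'use strict';

// Added illustration (not the @sentry/nextjs implementation): a tunnel endpoint
// receives a Sentry envelope from the browser and forwards it to the ingest
// host. The unsafe resolver derives the upstream URL from the client-supplied
// DSN; the hardened one only forwards to the configured host and project.

// A Sentry DSN has the shape {PROTOCOL}://{PUBLIC_KEY}@{HOST}/{PROJECT_ID}.
function parseDsn(dsn) {
  const u = new URL(dsn);
  const projectId = u.pathname.split('/').filter(Boolean).pop() || '';
  return { protocol: u.protocol.replace(':', ''), host: u.host, projectId };
}

// An envelope is newline-separated; the first line is a JSON header that,
// when tunneling is used, carries the DSN the SDK was initialised with.
function envelopeHeader(envelope) {
  const nl = envelope.indexOf('\n');
  return JSON.parse(nl === -1 ? envelope : envelope.slice(0, nl));
}

// SSRF-prone: whatever host and project the client wrote into the header
// becomes the destination, and the tunnel relays the upstream response.
function upstreamUrlUnchecked(envelope) {
  const { dsn } = envelopeHeader(envelope);
  const { protocol, host, projectId } = parseDsn(dsn);
  return `${protocol}://${host}/api/${projectId}/envelope/`;
}

// Hardened: the destination is pinned to the deployment's own ingest host and
// the project id must be one of the numeric ids actually in use. Anything
// else, including malformed input, is rejected (null) instead of forwarded.
function upstreamUrlChecked(envelope, allowed) {
  let header, dsn;
  try {
    header = envelopeHeader(envelope);
    if (typeof header.dsn !== 'string') return null;
    dsn = parseDsn(header.dsn);
  } catch {
    return null;
  }
  if (dsn.protocol !== 'https') return null;
  if (dsn.host !== allowed.host) return null;
  if (!/^\d+$/.test(dsn.projectId) || !allowed.projectIds.has(dsn.projectId)) return null;
  return `https://${allowed.host}/api/${dsn.projectId}/envelope/`;
}

// Constructed sample data: placeholder host, key, project id and payloads.
const ALLOWED = { host: 'o000.ingest.sentry.io', projectIds: new Set(['12345']) };
const GOOD_ENVELOPE =
  '{"dsn":"https://publickey@o000.ingest.sentry.io/12345","sent_at":"2023-11-01T00:00:00.000Z"}\n' +
  '{"type":"event"}\n' +
  '{"message":"hello"}\n';
// Constructed hostile envelope: the DSN points at an internal service.
const EVIL_ENVELOPE =
  '{"dsn":"http://x@internal.example:8080/1"}\n' +
  '{"type":"event"}\n' +
  '{"message":"probe"}\n';

function demo() {
  return {
    unchecked: upstreamUrlUnchecked(EVIL_ENVELOPE),                 // relays to the attacker's host
    checkedGood: upstreamUrlChecked(GOOD_ENVELOPE, ALLOWED),        // forwarded to the pinned host
    checkedEvil: upstreamUrlChecked(EVIL_ENVELOPE, ALLOWED),        // null: rejected
    checkedGarbage: upstreamUrlChecked('not an envelope', ALLOWED), // null: rejected
  };
}

console.log(demo());
```

The hardened resolver compares the parsed host, not the raw string, so userinfo tricks such as `https://o000.ingest.sentry.io@evil.example/12345` are rejected because the URL parser puts `evil.example` in the host. Rebuilding the upstream URL from the allow-listed values rather than echoing the client's DSN also removes any chance of path or query smuggling through the project id.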

Patches

The problem has been fixed in @sentry/nextjs@7.77.0.

Workarounds

Disable tunneling by removing the tunnelRoute option from the Sentry Next.js SDK config in next.config.js or next.config.mjs.
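Exposure requires both an affected @sentry/nextjs version and tunneling switched on, so a quick triage check needs two inputs. The following is an added helper, not part of the SDK or the advisory, that encodes the affected range stated on this page (>= 7.26.0, < 7.77.0) and tests whether tunnelRoute is set. It assumes you have already read the installed version (for example from the package's package.json) and pulled the options object containing tunnelRoute out of your next.config.js; the sample inputs below are constructed.

```javascript
'use strict';

// Added helper (not part of the SDK or the advisory): decide whether a
// deployment is exposed to GHSA-2rmr-xw8m-22q9. Exposure needs both an
// affected @sentry/nextjs version (>= 7.26.0, < 7.77.0, per the advisory)
// and tunneling enabled via the tunnelRoute option.

const AFFECTED_MIN = '7.26.0'; // inclusive lower bound
const FIXED = '7.77.0';        // exclusive upper bound (first fixed release)

// Numeric dot-separated comparison; a pre-release suffix is ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

function isAffectedVersion(version) {
  return compareVersions(version, AFFECTED_MIN) >= 0 && compareVersions(version, FIXED) < 0;
}

// `sentryOptions` is the object in which tunnelRoute is set in next.config.js
// (assumption: the caller has already extracted it from the config file).
function tunnelingEnabled(sentryOptions) {
  return typeof sentryOptions?.tunnelRoute === 'string' && sentryOptions.tunnelRoute.length > 0;
}

function assess(version, sentryOptions) {
  const affected = isAffectedVersion(version);
  const tunnel = tunnelingEnabled(sentryOptions);
  let advice;
  if (affected && tunnel) {
    advice = `exposed: upgrade @sentry/nextjs to >= ${FIXED}, or remove tunnelRoute until you can`;
  } else if (affected) {
    advice = 'version is in the affected range but tunneling is off; upgrade anyway';
  } else {
    advice = 'not affected by this advisory';
  }
  return { version, affectedVersion: affected, tunnelEnabled: tunnel, exposed: affected && tunnel, advice };
}

// Constructed inputs standing in for the installed version and the options
// object from next.config.js.
console.log(assess('7.60.0', { tunnelRoute: '/monitoring' }));
console.log(assess('7.60.0', {}));
console.log(assess('7.77.0', { tunnelRoute: '/monitoring' }));
```

The workaround only removes the exposed endpoint; the vulnerable code is still installed, which is why the helper recommends upgrading even when tunneling is off. Keep the version comparison numeric: a string compare would rank 7.9.0 above 7.10.0 and misclassify releases.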

References

Credits

Permalink: https://github.com/advisories/GHSA-2rmr-xw8m-22q9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0ycm1yLXh3OG0tMjJxOc4AA3B6
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 6 months ago
Updated: 6 months ago


CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-2rmr-xw8m-22q9, CVE-2023-46729
References: Repository: https://github.com/getsentry/sentry-javascript
Blast Radius: 21.2

Affected Packages

npm:@sentry/nextjs
Dependent packages: 55
Dependent repositories: 2,996
Downloads: 4,496,689 last month
Affected Version Ranges: >= 7.26.0, < 7.77.0
Fixed in: 7.77.0
All affected versions: 7.26.0, 7.27.0, 7.28.0, 7.28.1, 7.29.0, 7.30.0, 7.31.0, 7.31.1, 7.32.0, 7.32.1, 7.33.0, 7.34.0, 7.35.0, 7.36.0, 7.37.0, 7.37.1, 7.37.2, 7.38.0, 7.39.0, 7.40.0, 7.41.0, 7.42.0, 7.43.0, 7.44.0, 7.44.1, 7.44.2, 7.45.0, 7.46.0, 7.47.0, 7.48.0, 7.49.0, 7.50.0, 7.51.0, 7.51.1, 7.51.2, 7.52.0, 7.52.1, 7.53.0, 7.53.1, 7.54.0, 7.55.0, 7.55.1, 7.55.2, 7.56.0, 7.57.0, 7.58.0, 7.58.1, 7.59.1, 7.59.2, 7.59.3, 7.60.0, 7.60.1, 7.61.0, 7.61.1, 7.62.0, 7.63.0, 7.64.0, 7.65.0, 7.66.0, 7.67.0, 7.68.0, 7.69.0, 7.70.0, 7.71.0, 7.72.0, 7.73.0, 7.74.0, 7.74.1, 7.75.0, 7.75.1, 7.76.0
All unaffected versions: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.4.0, 6.4.1, 6.5.0, 6.5.1, 6.6.0, 6.7.0, 6.7.1, 6.7.2, 6.8.0, 6.9.0, 6.10.0, 6.11.0, 6.12.0, 6.13.0, 6.13.1, 6.13.2, 6.13.3, 6.14.0, 6.14.1, 6.14.2, 6.14.3, 6.15.0, 6.16.0, 6.16.1, 6.17.0, 6.17.1, 6.17.2, 6.17.3, 6.17.4, 6.17.5, 6.17.6, 6.17.7, 6.17.8, 6.17.9, 6.18.0, 6.18.1, 6.18.2, 6.19.0, 6.19.1, 6.19.2, 6.19.3, 6.19.4, 6.19.5, 6.19.6, 6.19.7, 7.0.0, 7.1.0, 7.1.1, 7.2.0, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 7.6.0, 7.7.0, 7.8.0, 7.8.1, 7.9.0, 7.10.0, 7.11.0, 7.11.1, 7.12.0, 7.12.1, 7.13.0, 7.14.0, 7.14.1, 7.14.2, 7.15.0, 7.16.0, 7.17.0, 7.17.1, 7.17.2, 7.17.3, 7.17.4, 7.18.0, 7.19.0, 7.20.0, 7.20.1, 7.21.0, 7.21.1, 7.22.0, 7.23.0, 7.24.0, 7.24.1, 7.24.2, 7.25.0, 7.77.0, 7.78.0, 7.79.0, 7.80.0, 7.80.1, 7.81.0, 7.81.1, 7.82.0, 7.83.0, 7.84.0, 7.85.0, 7.86.0, 7.87.0, 7.88.0, 7.89.0, 7.90.0, 7.91.0, 7.92.0, 7.93.0, 7.94.1, 7.95.0, 7.97.0, 7.98.0, 7.99.0, 7.100.0, 7.100.1, 7.101.0, 7.101.1, 7.102.0, 7.102.1, 7.103.0, 7.104.0, 7.105.0, 7.106.0, 7.106.1, 7.107.0, 7.108.0, 7.109.0, 7.110.0, 7.110.1, 7.111.0, 7.112.0, 7.112.1, 7.112.2