sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has been fixed in version 7.77.0.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-11-10T00:57:15.611Z

Updated: 2024-09-03T17:44:32.064Z

Reserved: 2023-10-25T14:30:33.751Z

Link: CVE-2023-46729

cve-icon Vulnrichment

Updated: 2024-08-02T20:53:21.586Z

cve-icon NVD

Status : Modified

Published: 2023-11-10T01:15:07.430

Modified: 2024-11-21T08:29:10.590

Link: CVE-2023-46729

cve-icon Redhat

No data.