CVE-2023-46729

MEDIUM Year: 2023
CVSS v3 Score
6.1
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has been fixed in version 7.77.0.

Related Vulnerabilities

CVE-2017-9506

MEDIUM
CVSS:6.1(Medium)

The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network ...

CWE-9182017

CVE-2020-4882

MEDIUM
CVSS:6.1(Medium)

IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constucting URLs from user-controlled data . This could enable attackers to make arbitrary requests to ...

CWE-9182020

CVE-2021-25640

MEDIUM
CVSS:6.1(Medium)

In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.

CWE-9182021

CVE-2021-34425

MEDIUM
CVSS:6.1(Medium)

The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality. In vers...

CWE-9182021

CVE-2022-24969

MEDIUM
CVSS:6.1(Medium)

bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.

CWE-9182022

CVE-2023-28155

MEDIUM
CVSS:6.1(Medium)

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This v...

CWE-9182023