CVE-2023-46729

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-46729

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46729.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-46729

Aliases

GHSA-2rmr-xw8m-22q9

Related

GHSA-2rmr-xw8m-22q9

Published

2023-11-10T01:15:07Z

Modified

2025-07-29T11:01:41.863455Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has been fixed in version 7.77.0.

References

Affected packages

Git / github.com/getsentry/sentry-javascript

Affected ranges

Type: GIT
Repo: https://github.com/getsentry/sentry-javascript
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ddbda3c02c35aba8c5235e0cf07fc5bf656f81be

Affected versions

0.*

0.1.0

0.1.1

0.1.2

0.1.3

0.1.4

0.2

0.2.1

0.3

0.4

0.5

0.5.1

0.5.2

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.1.0

1.1.0-rc1

1.1.0-rc2

1.1.0-rc3

1.1.0-rc4

1.1.1

1.1.10

1.1.11

1.1.12

1.1.13

1.1.14

1.1.15

1.1.16

1.1.17

1.1.18

1.1.19

1.1.2

1.1.20

1.1.21

1.1.22

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.2.0

1.3.0

2.*

2.0.0

2.0.0-rc1

2.0.0-rc2

2.1.0

2.2.0

2.2.1

2.3.0

2.4.0

2.4.1

2.4.2

2.5.0

2.6.0

2.6.1

2.6.2

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.1.0

3.1.1

3.10.0

3.11.0

3.12.0

3.12.1

3.13.0

3.13.1

3.14.0

3.14.1

3.14.2

3.16.0

3.16.1

3.17.0

3.18.0

3.18.1

3.19.0

3.19.1

3.2.0

3.2.1

3.20.0

3.20.1

3.21.0

3.22.0

3.22.1

3.22.2

3.22.3

3.22.4

3.23.0

3.23.1

3.23.2

3.23.3

3.24.0

3.24.1

3.24.2

3.25.0

3.25.1

3.25.2

3.26.0

3.26.1

3.26.2

3.3.0

3.4.0

3.4.1

3.5.0

3.5.1

3.6.0

3.6.1

3.7.0

3.8.0

3.9.0

3.9.1

3.9.2

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.1.0

4.1.1

4.2.0

4.2.1

4.2.2

4.2.3

4.2.4

4.3.0

4.3.1

4.3.2

4.3.3

4.3.4

4.4.0

4.4.1

4.4.2

4.5.0

4.5.1

4.5.2

4.5.3

4.5.4

4.6.0

4.6.1

4.6.2

4.6.3

4.6.4

5.*

5.0.0

5.0.0-beta.2

5.0.0-beta1

5.0.0-rc.0

5.0.0-rc.1

5.0.0-rc.2

5.0.0-rc.3

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

5.1.0

5.1.1

5.1.2

5.1.3

5.10.0

5.10.1

5.10.2

5.11.0

5.11.1

5.11.2

5.12.0

5.12.1

5.12.2

5.12.3

5.12.4

5.12.5

5.13.0

5.13.1

5.13.2

5.14.0

5.14.1

5.14.2

5.15.0

5.15.1

5.15.2

5.15.3

5.15.4

5.15.5

5.16.0

5.16.0-beta.1

5.16.0-beta.2

5.16.0-beta.3

5.16.0-beta.4

5.16.0-beta.5

5.16.1

5.17.0

5.18.0

5.18.1

5.19.0

5.19.1

5.19.2

5.2.0

5.2.1

5.20.0

5.20.1

5.21.0

5.21.1

5.21.2

5.21.3

5.21.4

5.22.0

5.22.1

5.22.2

5.22.3

5.23.0

5.24.0

5.24.1

5.24.2

5.25.0

5.26.0

5.27.0

5.27.1

5.27.2

5.27.3

5.27.4

5.27.5

5.27.6

5.28.0

5.29.0

5.29.1

5.29.2

5.3.0

5.3.1

5.30.0

5.4.0

5.4.1

5.4.2

5.4.3

5.5.0

5.6.0

5.6.1

5.6.2

5.6.3

5.7.0

5.7.0-beta.0

5.7.1

5.8.0

5.9.0

5.9.1

6.*

6.0.0

6.0.1

6.0.2

6.0.3

6.0.4

6.1.0

6.10.0

6.11.0

6.12.0

6.13.0

6.13.1

6.13.2

6.13.3

6.14.0

6.14.1

6.14.2

6.14.3

6.15.0

6.16.0

6.16.1

6.17.0

6.17.0-beta.0

6.17.1

6.17.2

6.17.4

6.17.5

6.17.6

6.17.7

6.17.8

6.17.9

6.18.0

6.18.1

6.18.1-beta.0

6.18.2

6.19.0

6.19.1

6.19.2

6.19.3

6.19.4

6.19.5

6.19.6

6.19.7

6.2.0

6.2.1

6.2.2

6.2.3

6.2.4

6.2.5

6.3.0

6.3.1

6.3.2

6.3.3

6.3.4

6.3.5

6.3.6

6.4.0

6.4.1

6.5.0

6.5.1

6.6.0

6.7.0

6.7.1

6.7.2

6.8.0

6.9.0

7.*

7.0.0

7.1.0

7.1.1

7.11.0

7.11.1

7.12.0

7.12.1

7.13.0

7.14.0

7.14.1

7.14.2

7.15.0

7.16.0

7.17.1

7.17.2

7.17.3

7.17.4

7.18.0

7.19.0

7.2.0

7.20.0

7.20.1

7.21.0

7.21.1

7.22.0

7.23.0

7.24.0

7.24.1

7.24.2

7.25.0

7.26.0

7.27.0

7.28.0

7.28.1

7.29.0

7.3.0

7.3.1

7.30.0

7.31.0

7.31.1

7.32.0

7.32.1

7.33.0

7.34.0

7.35.0

7.36.0

7.37.0

7.37.1

7.37.2

7.38.0

7.39.0

7.4.1

7.40.0

7.41.0

7.42.0

7.43.0

7.44.0

7.44.1

7.44.2

7.45.0

7.46.0

7.47.0

7.48.0

7.49.0

7.5.0

7.5.1

7.50.0

7.51.0

7.51.1

7.51.2

7.52.0

7.52.1

7.53.0

7.53.1

7.54.0

7.55.0

7.55.1

7.55.2

7.56.0

7.57.0

7.58.0

7.58.1

7.59.2

7.59.3

7.6.0

7.60.0

7.60.1

7.61.0

7.61.1

7.62.0

7.63.0

7.64.0

7.65.0

7.66.0

7.67.0

7.68.0

7.69.0

7.7.0

7.70.0

7.71.0

7.72.0

7.73.0

7.74.0

7.74.1

7.75.0

7.75.1

7.76.0

7.8.0

7.8.1

7.9.0

raven-js@3.*

raven-js@3.26.3

raven-js@3.26.4

raven-js@3.27.0

raven-node@2.*

raven-node@2.6.3

raven-node@2.6.4

v0.*

v0.1.0

v0.2.0

v1.*

v1.1.0

v1.1.2

v1.1.3

v1.1.5

v1.2.0

v1.2.1

v2.*

v2.0.1

v2.0.2