@sentry/nextjs@7.30.0 vulnerabilities
Official Sentry SDK for Next.js
- latest version: 8.7.0
- latest non vulnerable version:
- first published: 3 years ago
- latest version published: 2 days ago
- licenses detected
  - >=0
Direct Vulnerabilities
Known vulnerabilities in the @sentry/nextjs package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
@sentry/nextjs is an official Sentry SDK for Next.js. Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) through the When using the tunnelRoute option, the Sentry Next.js SDK creates a Next.js rewrite that uses an unsanitized URL parameter to create the rewrite target. The target is intended to always point ingestion domain Note: This vulnerability does not affect any of the other Sentry SDKs. This issue only affects users who have the Next.js SDK tunneling feature enabled. How to fix Server-Side Request Forgery (SSRF)? Upgrade | >=7.26.0 <7.77.0 |