CVE-2023-46729

CVSS 3.1 Score 9.3 of 10 (high)

Details

Published Nov 10, 2023
Updated: Nov 16, 2023
CWE ID 918

Summary

CVE-2023-46729 is a critical server-side request forgery vulnerability that affects users who have Next.js SDK tunneling feature enabled in sentry-javascript. This vulnerability allows an attacker to send HTTP requests to arbitrary URLs and reflect the response back to the user. The issue has been fixed in version 7.77.0 of the affected products. The vulnerability poses a high risk to organizations as it can lead to unauthorized access, data breaches, and potential compromise of sensitive information. Remediation involves updating the affected products to the fixed version.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-46729 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options