漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint
Vulnerability Description
sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has been fixed in version 7.77.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Mobileiron Sentry 安全漏洞
Vulnerability Description
Mobileiron Sentry是美国思可信(Mobileiron)公司的一款智能网关产品。 Mobileiron Sentry Sentry-javascript 7.77.0之前版本存在安全漏洞,该漏洞源于未经净化的输入允许将HTTP请求发送到任意URL并将响应反射回用户。
CVSS Information
N/A
Vulnerability Type
N/A