Thursday, November 9th 2023
Vercel has proactively protected against a vulnerability in the Sentry Next.js SDK
Posted by
A security vulnerability was discovered that affects Sentry’s Next.js SDK, which made it possible to exploit Sentry’s Tunnel feature to establish Server-Side Request Forgery (SSRF) attacks.
The Sentry team has already released a patch with the latest version 7.77.0.
While we still recommend updating to the latest version of the Sentry SDK, Vercel has taken proactive measures on our firewall to protect our customers.
We will continue to proactively protect all Sentry + Next.js deployments on Vercel, regardless of Sentry's Next.js SDK version running.