Sentry Nextjs vulnerabilities
2 known vulnerabilities affecting sentry/nextjs.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 2
Vulnerabilities
CVE-2025-65944 | MEDIUM | ≥ 10.11.0, < 10.27.0 | 2025-11-24
CVE-2025-65944 [MEDIUM] CWE-201 Sentry's sensitive headers are leaked when `sendDefaultPii` is set to `true`
### Impact
In version 10.11.0, a change to how the SDK collects request data in Node.js applications caused certain incoming HTTP headers to be added as trace span attributes. When `sendDefaultPii: true` was set, a few headers that were previously redacted - including Authorization and Cookie - were unintentiona
GHSA, OSV
CVE-2023-46729 | MEDIUM | ≥ 7.26.0, < 7.77.0 | 2023-11-09
CVE-2023-46729 [MEDIUM] CWE-918 Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint
### Impact
Unsanitized input to the Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This could open the door to other attack vectors:
* client-side vulnerabilities: XSS/CSRF in the context of the trusted domain;
* interaction with internal network;
* read cloud meta
GHSA, OSV