CVE-2023-7079

EUVD-2024-0330
Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 MEDIUM
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
cloudflareCNA
6.4 MEDIUM
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Affected Products (NVD)
VendorProductVersion
cloudflarewrangler
3.9.0 ≤
𝑥
< 3.19.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/cloudflare/workers-sdk/pull/4532
https://github.com/cloudflare/workers-sdk/pull/4535
https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828
https://github.com/cloudflare/workers-sdk/pull/4532
https://github.com/cloudflare/workers-sdk/pull/4535
https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828