6.4

CVE-2023-7079

Arbitrary remote file read in Wrangler dev server

Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CloudflareWrangler SwPlatformnode.js Version >= 3.9.0 < 3.19.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.7% 0.482
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.7 2.1 3.6
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
cna@cloudflare.com 6.4 1.2 4.7
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://github.com/cloudflare/workers-sdk/pull/4532
Patch
https://github.com/cloudflare/workers-sdk/pull/4535
Patch
https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828
Patch
Third Party Advisory