Vulnerability Description
The Wrangler command line tool (<[email protected] or <[email protected]) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cloudflare | Wrangler | < 3.1.1 |
Related Weaknesses (CWE)
References
- https://developers.cloudflare.com/workers/wrangler/Product
- https://github.com/cloudflare/workers-sdkProduct
- https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-8c93-4hch-xgxVendor Advisory
- https://developers.cloudflare.com/workers/wrangler/Product
- https://github.com/cloudflare/workers-sdkProduct
- https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-8c93-4hch-xgxVendor Advisory
FAQ
What is CVE-2023-3348?
CVE-2023-3348 is a vulnerability with a CVSS score of 5.7 (MEDIUM). The Wrangler command line tool (<[email protected] or <[email protected]) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev comman...
How severe is CVE-2023-3348?
CVE-2023-3348 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-3348?
Check the references section above for vendor advisories and patch information. Affected products include: Cloudflare Wrangler.