Vulnerability Description
Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cloudflare | Miniflare | >= 3.20230821.0, < 3.20231030.2 |
Related Weaknesses (CWE)
References
- https://github.com/cloudflare/workers-sdk/pull/4532Patch
- https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22vPatchThird Party Advisory
- https://github.com/cloudflare/workers-sdk/pull/4532Patch
- https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22vPatchThird Party Advisory
FAQ
What is CVE-2023-7078?
CVE-2023-7078 is a vulnerability with a CVSS score of 7.5 (HIGH). Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external networ...
How severe is CVE-2023-7078?
CVE-2023-7078 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-7078?
Check the references section above for vendor advisories and patch information. Affected products include: Cloudflare Miniflare.