Vulnerability Description
Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cloudflare | Wrangler | >= 3.9.0, < 3.19.0 |
Related Weaknesses (CWE)
References
- https://github.com/cloudflare/workers-sdk/pull/4532Patch
- https://github.com/cloudflare/workers-sdk/pull/4535Patch
- https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w82PatchThird Party Advisory
- https://github.com/cloudflare/workers-sdk/pull/4532Patch
- https://github.com/cloudflare/workers-sdk/pull/4535Patch
- https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w82PatchThird Party Advisory
FAQ
What is CVE-2023-7079?
CVE-2023-7079 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could ...
How severe is CVE-2023-7079?
CVE-2023-7079 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-7079?
Check the references section above for vendor advisories and patch information. Affected products include: Cloudflare Wrangler.