Description
Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers.
References
- Patch
- Patch, Third Party Advisory
- Patch
- Patch, Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 3.20230821.0 (inclusive) to 3.20231030.2 (exclusive)
cpe:2.3:a:cloudflare:miniflare:*:*:*:*:*:node.js:*:*
EPSS: 0.00053 (Low), percentile: 17%
CVSS3: 7.5 High
CVSS3: 8.1 High
Weaknesses
CWE-918
Related vulnerabilities
CVSS3: 7.5
github
about 2 years ago
Miniflare vulnerable to Server-Side Request Forgery (SSRF)