CVE-2023-7079

Опубликовано: 29 дек. 2023

Источник: nvd

CVSS3: 6.4

CVSS3: 5.7

EPSS Низкий

Описание

Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.

Ссылки

https://github.com/cloudflare/workers-sdk/pull/4532
Patch
https://github.com/cloudflare/workers-sdk/pull/4535
Patch
https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828
Patch
Third Party Advisory
https://github.com/cloudflare/workers-sdk/pull/4532
Patch
https://github.com/cloudflare/workers-sdk/pull/4535
Patch
https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cloudflare:wrangler:*:*:*:*:*:node.js:*:*

Версия от 3.9.0 (включая) до 3.19.0 (исключая)

EPSS

Процентиль: 22%

0.00071

Низкий

6.4 Medium

CVSS3

5.7 Medium

CVSS3

Дефекты

CWE-287

Связанные уязвимости

GHSA-cfph-4qqh-w828

CVSS3: 6.9

github

около 2 лет назад

Arbitrary remote file read in Wrangler dev server

EPSS

Процентиль: 22%

0.00071

Низкий

6.4 Medium

CVSS3

5.7 Medium

CVSS3

Дефекты

CWE-287