The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server.
References
Link | Resource |
---|---|
https://developers.cloudflare.com/workers/wrangler/ | Product |
https://github.com/cloudflare/workers-sdk | Product |
https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-8c93-4hch-xgxp | Vendor Advisory |
Configurations
History
29 Aug 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
Summary | The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server. |
08 Aug 2023, 17:40
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-8c93-4hch-xgxp - Vendor Advisory | |
References | (MISC) https://github.com/cloudflare/workers-sdk - Product | |
References | (MISC) https://developers.cloudflare.com/workers/wrangler/ - Product | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.7 |
First Time |
Cloudflare
Cloudflare wrangler |
|
CPE | cpe:2.3:a:cloudflare:wrangler:*:*:*:*:*:node.js:*:* | |
CWE | CWE-22 |
03 Aug 2023, 15:37
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-03 15:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-3348
Mitre link : CVE-2023-3348
CVE.ORG link : CVE-2023-3348
JSON object : View
Products Affected
cloudflare
- wrangler
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')