Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers.
References
Link | Resource |
---|---|
https://github.com/cloudflare/workers-sdk/pull/4532 | Patch |
https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 | Patch Third Party Advisory |
Configurations
History
05 Jan 2024, 18:12
Type | Values Removed | Values Added |
---|---|---|
First Time |
Cloudflare
Cloudflare miniflare |
|
CWE | CWE-918 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
CPE | cpe:2.3:a:cloudflare:miniflare:*:*:*:*:*:node.js:*:* | |
References | () https://github.com/cloudflare/workers-sdk/pull/4532 - Patch | |
References | () https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 - Patch, Third Party Advisory |
29 Dec 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-29 12:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-7078
Mitre link : CVE-2023-7078
CVE.ORG link : CVE-2023-7078
JSON object : View
Products Affected
cloudflare
- miniflare
CWE
CWE-918
Server-Side Request Forgery (SSRF)