Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers.
References
| Link | Resource |
|---|---|
| https://github.com/cloudflare/workers-sdk/pull/4532 | Patch |
| https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 | Patch, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: cloudflare
Published: 2023-12-29T11:53:06.669Z
Updated: 2023-12-29T12:09:03.496Z
Reserved: 2023-12-22T09:58:30.164Z
Link: CVE-2023-7078
NVD Information
Status: Analyzed
Published: 2023-12-29T12:15:47.537
Modified: 2024-01-05T18:12:41.400
Link: CVE-2023-7078
Redhat Information
No data.
CWE