Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.
References
| Link | Resource |
|---|---|
| https://github.com/cloudflare/workers-sdk/pull/4532 | Patch |
| https://github.com/cloudflare/workers-sdk/pull/4535 | Patch |
| https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828 | Patch, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: cloudflare
Published: 2023-12-29T11:54:08.925Z
Updated: 2023-12-29T12:08:49.883Z
Reserved: 2023-12-22T09:59:49.428Z
Link: CVE-2023-7079
NVD Information
Status: Analyzed
Published: 2023-12-29T12:15:47.763
Modified: 2024-01-05T18:10:15.417
Link: CVE-2023-7079
Redhat Information
No data.
CWE