CVE-2023-7078

CVSS V2 None CVSS V3 None

Description

Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers.

Overview

CVE ID
CVE-2023-7078

Assigner
cloudflare

Vulnerability Status
PUBLISHED

Published Version
2023-12-29T11:53:06.669Z

Last Modified Date
2023-12-29T12:09:03.496Z

Weakness Enumerations

CWE	URL
CWE-918	http://cwe.mitre.org/data/definitions/918.html

References

Reference URL	Reference Tags
https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7
https://github.com/cloudflare/workers-sdk/pull/4532

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-7078
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7078

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 02:48:57				Added to TrackCVE