CVE-2023-7079

CVSS V2 None CVSS V3 None

Description

Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.

Overview

CVE ID
CVE-2023-7079

Assigner
cloudflare

Vulnerability Status
PUBLISHED

Published Version
2023-12-29T11:54:08.925Z

Last Modified Date
2023-12-29T12:08:49.883Z

Weakness Enumerations

CWE	URL
CWE-287	http://cwe.mitre.org/data/definitions/287.html

References

Reference URL	Reference Tags
https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828
https://github.com/cloudflare/workers-sdk/pull/4532
https://github.com/cloudflare/workers-sdk/pull/4535

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-7079
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7079

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 03:06:19				Added to TrackCVE