GHSA-8c93-4hch-xgxp

Source
https://github.com/advisories/GHSA-8c93-4hch-xgxp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-8c93-4hch-xgxp/GHSA-8c93-4hch-xgxp.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-8c93-4hch-xgxp
Published
2023-08-03T16:34:31Z
Modified
2023-11-08T04:12:40.670367Z
Severity
  • 5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Cloudflare Wrangler directory traversal vulnerability
Details

Impact

The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (the wrangler pages dev command). This vulnerability enabled an attacker on the same network as the victim to connect to the local development server and access the victim's files located outside the directory served by the development server.

Patches

  • Wrangler2: Upgrade to v2.20.1 or higher.
  • Wrangler3: Upgrade to v3.1.1 or higher.

References

  • Workers SDK on GitHub
  • Wrangler docs
  • CVE-2023-3348

Database specific
{
    "github_reviewed_at": "2023-08-03T16:34:31Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-22"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2023-08-03T15:15:30Z"
}
Affected packages

npm / wrangler

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.20.1