CVE-2023-7079

Medium

Description

Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker who could trick any user on the local network into opening a malicious website could also read any file.

References

https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828

https://github.com/cloudflare/workers-sdk/pull/4535

https://github.com/cloudflare/workers-sdk/pull/4532

Details

Source: Mitre, NVD

Published: 2023-12-29

Updated: 2024-01-05

Risk Information

CVSS v2

Base Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00201