Home > Vulnerability Database > CVE-2023-7079

Mend.io Vulnerability Database

CVE-2023-7079

Good to know:

Date: December 29, 2023

Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.

Language: TYPE_SCRIPT

Severity Score

5.7

Related Resources (5)

Url: https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828

Url: https://github.com/cloudflare/workers-sdk/pull/4535

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-7079

Url: https://github.com/cloudflare/workers-sdk/pull/4532

Url: https://www.mend.io/vulnerability-database/CVE-2023-7079

Severity Score

5.7

Weakness Type (CWE)

Authentication Issues

CWE-287

Top Fix

Upgrade Version

Upgrade to version wrangler - 3.19.0

Learn More

CVSS v3.1

Base Score:	5.7
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-7079

Good to know:

Date: December 29, 2023

Language: TYPE_SCRIPT

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?