CVE-2023-7078

🗓️ 29 Dec 2023 11:53:06Reported by cloudflareType

Sending crafted HTTP requests to Miniflare's server could result in arbitrary requests being sent from the server

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2023-7078	29 Dec 202313:27	–	circl
CNNVD	Wrangler Code Issue Vulnerability	29 Dec 202300:00	–	cnnvd
Cvelist	CVE-2023-7078 Server-Side Request Forgery (SSRF) in Miniflare	29 Dec 202311:53	–	cvelist
EUVD	EUVD-2023-3202	3 Oct 202520:07	–	euvd
Github Security Blog	Miniflare vulnerable to Server-Side Request Forgery (SSRF)	29 Dec 202319:36	–	github
NVD	CVE-2023-7078	29 Dec 202312:15	–	nvd
OSV	GHSA-FWVG-2739-22V7 Miniflare vulnerable to Server-Side Request Forgery (SSRF)	29 Dec 202319:36	–	osv
Prion	Design/Logic Flaw	29 Dec 202312:15	–	prion
Prion	Design/Logic Flaw	29 Dec 202312:15	–	prion
Positive Technologies	PT-2023-32863 · Miniflare · Miniflare	29 Dec 202300:00	–	ptsecurity

NVD

Node

cloudflare miniflareRange3.20230821.0–3.20231030.2node.js

[
  {
    "defaultStatus": "unaffected",
    "packageName": "miniflare",
    "platforms": [
      "Windows",
      "MacOS",
      "Linux"
    ],
    "product": "miniflare",
    "repo": "https://github.com/cloudflare/workers-sdk",
    "vendor": "Cloudflare",
    "versions": [
      {
        "changes": [
          {
            "at": "3.20231030.2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "<=3.20230821.0",
        "status": "affected",
        "version": "0",
        "versionType": "patch"
      },
      {
        "changes": [
          {
            "at": "3.20231030.2",
            "status": "unaffected"
          }
        ],
        "lessThan": "3.20231030.2",
        "status": "affected",
        "version": "0",
        "versionType": "patch"
      }
    ]
  }
]

Source	Link
github	www.github.com/cloudflare/workers-sdk/pull/4532
github	www.github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7

21 Nov 2024 08:45Current

7.6High risk

Vulners AI Score7.6

CVSS 3.17.5 - 8.1

EPSS0.00072

SSVC

CWE-918