15 matches found
EUVD-2023-3202
Malicious code in bioql PyPI...
Server Side Request Forgery
miniflare is vulnerable to Server Side Request Forgery. The vulnerability is caused by a configuration which listens to requests from external network interfaces. As a result of this configuration, an attacker can access local servers by sending specially crafted WebSocket requests to the...
GHSA-FWVG-2739-22V7 Miniflare vulnerable to Server-Side Request Forgery (SSRF)
Impact: Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces as was the default in wrangler until 3.19.0, an attacker on the local network...
Miniflare vulnerable to Server-Side Request Forgery (SSRF)
Impact: Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces as was the default in wrangler until 3.19.0, an attacker on the local network...
@askcodebase/wrangler (>=3.15.0 <=3.15.8), @astrojs/cloudflare (>=0.0.0-404-fix-20231115224256 <=8.0.1) +17 more potentially affected by CVE-2023-7078 via miniflare (>=3.20230904.0 <=3.20231030.1)
miniflare NPM version =3.20230904.0, =3.15.0, =0.0.0-404-fix-20231115224256, =1.0.274, =0.0.0-1e516e3, =0.9.0, =0.0.5, =0.2.0, =0.0.1, =0.0.6, =0.0.0-next-0ae7cbe-20231025215955, =0.0.0-next-0ae7cbe-20231025215955, =0.0.1, =0.0.1, =1.0.6, =2.0.7-alpha.1 and more Source cves: CVE-2023-7078 Source...
CVE-2023-7078
Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces as was the default in wrangler until 3.19.0, an attacker on the local network could...
CVE-2023-7080
The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary cod...
CVE-2023-7078
Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces as was the default in wrangler until 3.19.0, an attacker on the local network could...
CVE-2023-7080
The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary cod...
Design/Logic Flaw
Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces as was the default in wrangler until 3.19.0, an attacker on the local network could...
CVE-2023-7078
CVE-2023-7078 describes a server-side request forgery in Miniflare’s server. Sending specially crafted HTTP requests could cause the server to emit arbitrary HTTP and WebSocket requests, potentially enabling an attacker on the local network to reach other local services if Miniflare listened on e...
CVE-2023-7078 Server-Side Request Forgery (SSRF) in Miniflare
Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces as was the default in wrangler until 3.19.0, an attacker on the local network could...
CVE-2023-7078 Server-Side Request Forgery (SSRF) in Miniflare
Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces as was the default in wrangler until 3.19.0, an attacker on the local network could...
PT-2023-32863 · Miniflare · Miniflare
Name of the Vulnerable Software and Affected Versions: Miniflare versions prior to 3.20231030.2
Description: Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on...
@miniflare/tre (=3.0.0-next.14), miniflare (>=0.20230628.0 <=0.20230908.0) +1 more potentially affected by CVE-2023-2512 via workerd (>=0.20230628.0 <=1.20230404.0)
workerd NPM version =0.20230628.0, =0.20230628.0, =0.0.0-3f61892d, =0.0.0-bcdc1fe5 Source cves: CVE-2023-2512 Source advisory: OSV:GHSA-8VX6-69VG-C46F...