6 matches found
@askcodebase/wrangler (>=3.15.0 <=3.15.8), @astrojs/cloudflare (>=0.0.0-404-fix-20231115224256 <=8.0.1) +17 more potentially affected by CVE-2023-7078 via miniflare (>=3.20230904.0 <=3.20231030.1)
miniflare NPM version =3.20230904.0, =3.15.0, =0.0.0-404-fix-20231115224256, =1.0.274, =0.0.0-1e516e3, =0.9.0, =0.0.5, =0.2.0, =0.0.1, =0.0.6, =0.0.0-next-0ae7cbe-20231025215955, =0.0.0-next-0ae7cbe-20231025215955, =0.0.1, =0.0.1, =1.0.6, =2.0.7-alpha.1 and more Source cves: CVE-2023-7078 Source...
CVE-2023-7080
The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary cod...
CVE-2023-7080
The CVE-2023-7080 issue concerns the V8 inspector in Wrangler (wrangler dev) that could be reached on all network interfaces, enabling a local-network attacker to connect to the inspector and execute arbitrary code within the Workers sandbox. Root causes cited include the inspector server not val...
CVE-2023-7078 Server-Side Request Forgery (SSRF) in Miniflare
Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces as was the default in wrangler until 3.19.0, an attacker on the local network could...
CVE-2023-7078 Server-Side Request Forgery (SSRF) in Miniflare
Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces as was the default in wrangler until 3.19.0, an attacker on the local network could...
CVE-2023-7078
CVE-2023-7078 describes a server-side request forgery in Miniflare’s server. Sending specially crafted HTTP requests could cause the server to emit arbitrary HTTP and WebSocket requests, potentially enabling an attacker on the local network to reach other local services if Miniflare listened on e...