Lucene search
+L

6 matches found

vulnersosv
vulnersosv
added 2023/12/29 7:36 p.m.6 views

@askcodebase/wrangler (>=3.15.0 <=3.15.8), @astrojs/cloudflare (>=0.0.0-404-fix-20231115224256 <=8.0.1) +17 more potentially affected by CVE-2023-7078 via miniflare (>=3.20230904.0 <=3.20231030.1)

miniflare NPM version =3.20230904.0, =3.15.0, =0.0.0-404-fix-20231115224256, =1.0.274, =0.0.0-1e516e3, =0.9.0, =0.0.5, =0.2.0, =0.0.1, =0.0.6, =0.0.0-next-0ae7cbe-20231025215955, =0.0.0-next-0ae7cbe-20231025215955, =0.0.1, =0.0.1, =1.0.6, =2.0.7-alpha.1 and more Source cves: CVE-2023-7078 Source...

8.1CVSS7.2AI score0.00552EPSS
Exploits0
nvd
nvd
added 2023/12/29 12:15 p.m.27 views

CVE-2023-7080

The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary cod...

8.5CVSS0.00583EPSS
Exploits0References5
cve
cve
added 2023/12/29 11:58 a.m.60 views

CVE-2023-7080

The CVE-2023-7080 issue concerns the V8 inspector in Wrangler (wrangler dev) that could be reached on all network interfaces, enabling a local-network attacker to connect to the inspector and execute arbitrary code within the Workers sandbox. Root causes cited include the inspector server not val...

8.5CVSS8AI score0.00583EPSS
Exploits0References5Affected Software1
vulnrichment
vulnrichment
added 2023/12/29 11:53 a.m.10 views

CVE-2023-7078 Server-Side Request Forgery (SSRF) in Miniflare

Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces as was the default in wrangler until 3.19.0, an attacker on the local network could...

7.5CVSS6.6AI score0.00552EPSS
Exploits0References2
cvelist
cvelist
added 2023/12/29 11:53 a.m.43 views

CVE-2023-7078 Server-Side Request Forgery (SSRF) in Miniflare

Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces as was the default in wrangler until 3.19.0, an attacker on the local network could...

7.5CVSS8.1AI score0.00552EPSS
Exploits0References2
cve
cve
added 2023/12/29 11:53 a.m.117 views

CVE-2023-7078

CVE-2023-7078 describes a server-side request forgery in Miniflare’s server. Sending specially crafted HTTP requests could cause the server to emit arbitrary HTTP and WebSocket requests, potentially enabling an attacker on the local network to reach other local services if Miniflare listened on e...

8.1CVSS7.6AI score0.00552EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder