CVE-2023-7080

The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary cod...

CVE-2023-7080 Arbitrary remote code execution within wrangler dev Workers sandbox

The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary cod...

CVE-2023-7079 Arbitrary remote file read in Wrangler dev server

Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file...

Malicious code in wrangler-dev-api-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 61404905188d42181fbf3217b2ebffe91c1328a0cd469718a53faec95f244738 The OpenSSF Package Analysis project identified 'wrangler-dev-api-app' @ 24.12.47 npm as malicious. It is considered malicious because: - The...

Malicious Package

Overview wrangler-dev-api-app is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...