CVSS3: 5.7 Medium
Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS: 0.001 Low
Percentile: 20.8%
wrangler is vulnerable to Path Traversal. The vulnerability exists due to a lack of path sanitization in the generateResponse function of cli.js, which allows an attacker on the same network as the local development server to access the victim’s files present outside of the development server directory.
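The kind of containment check whose absence the description refers to, shown next to an unsanitized join; this is an added example, not wrangler's code or the linked fix. The function names, the root directory and the request paths are constructed for illustration, and the input is assumed to be the URL pathname only, with no query string.

```javascript
// Added example: hypothetical helpers, not taken from wrangler's cli.js.
const path = require("node:path");

// Unsanitized form: ".." segments in the request are normalized away by
// path.join, so the result can land outside `root`.
function naiveJoin(root, requestPath) {
  return path.join(root, requestPath);
}

// Hardened form: returns the absolute file path to serve, or null when the
// request would resolve outside `root`.
function resolveWithinRoot(root, requestPath) {
  let decoded;
  try {
    // Decode once, so "%2e%2e%2f" is checked in the form the filesystem sees.
    decoded = decodeURIComponent(requestPath);
  } catch {
    return null; // malformed percent-encoding
  }
  if (decoded.includes("\0")) return null; // NUL never belongs in a file path

  // Treat backslashes as separators so the check also holds on Windows,
  // and drop leading slashes so the path is resolved relative to root.
  const relative = decoded.replace(/\\/g, "/").replace(/^\/+/, "");

  const rootAbs = path.resolve(root);
  const candidate = path.resolve(rootAbs, relative);

  // Compare with path.relative rather than a string prefix test:
  // "/srv/site-secrets" starts with "/srv/site" but is not inside it.
  const rel = path.relative(rootAbs, candidate);
  if (rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    return null;
  }
  // Symlinks are not followed here; resolve them with fs.realpath on both
  // root and candidate before this comparison if the root may contain any.
  return candidate;
}

module.exports = { naiveJoin, resolveWithinRoot };
```

A server using this check would answer with 404 or 403 whenever `resolveWithinRoot` returns null, and would only open the path it returns.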
developers.cloudflare.com/workers/wrangler/
github.com/advisories/GHSA-8c93-4hch-xgxp
github.com/cloudflare/workers-sdk
github.com/cloudflare/workers-sdk/commit/fddffdf0c23d2ca56f2139a2c6bc278052594cba
github.com/cloudflare/workers-sdk/pull/3498
github.com/cloudflare/workers-sdk/security/advisories/GHSA-8c93-4hch-xgxp