Veracode Vulnerability DatabaseVERACODE:44915Arbitrary File Read
6.4 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.9%
wrangler is vulnerable to Arbitrary File Read. The vulnerability is due improper network configuration which allows an attacker to access files over the local network via specially crafted HTTP requests. An attacker is able to read arbitrary files over the local network or can trick a user to click on a malicious link to access the file remotely.
References
github.com/cloudflare/workers-sdk/commit/29df8e17545bf3926b6d61678b596be809d40c6d
github.com/cloudflare/workers-sdk/commit/311ffbd5064f8301ac6f0311bbe5630897923b93
github.com/cloudflare/workers-sdk/pull/4532
github.com/cloudflare/workers-sdk/pull/4535
github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828
Related
6.4 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.9%