Directory traversal vulnerability in Cloudflare Wrangler

Moderate
mskowroncf published GHSA-8c93-4hch-xgxp Aug 3, 2023

Package

wrangler (npm)

Affected versions

<3.1.1
<2.20.1

Patched versions

3.1.1
2.20.1

Description

Impact

The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker on the same network as the victim to connect to the local development server and access the victim's files outside the directory served by the development server.
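
The bug class described above, as an added example that is not Wrangler's code or its patch: a static-file handler that appends the request path to its asset root, next to a version that rejects any request climbing above the root. ASSET_ROOT, both function names and the request paths are constructed for illustration.

```javascript
// Added illustration of the bug class; not Wrangler's code or its patch.
// ASSET_ROOT and both function names are hypothetical.
const ASSET_ROOT = "/srv/project/public"; // constructed sample directory

// Weak form: the decoded request path is appended to the root unchanged, so
// ".." segments are resolved later by the filesystem and can leave the root.
function naiveAssetPath(root, urlPath) {
  return root + "/" + decodeURIComponent(urlPath).replace(/^\/+/, "");
}

// Hardened form: decode once, walk the segments, and refuse any request that
// would climb above the root. Returns null when the request is rejected.
function safeAssetPath(root, urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath);
  } catch {
    return null; // malformed percent-encoding
  }
  if (decoded.includes("\0")) return null; // NUL never belongs in a file path
  const kept = [];
  // "\" is treated as a separator too, so it cannot smuggle a ".." segment.
  for (const segment of decoded.split(/[\\/]+/)) {
    if (segment === "" || segment === ".") continue;
    if (segment === "..") {
      if (kept.length === 0) return null; // would escape the asset root
      kept.pop();
    } else {
      kept.push(segment);
    }
  }
  return kept.length ? root + "/" + kept.join("/") : root;
}

// Constructed request paths, not taken from the advisory.
const samples = ["/index.html", "/css/../index.html", "/../../etc/hostname",
  "/%2e%2e/%2e%2e/etc/hostname", "/..\\..\\notes.txt"];
for (const p of samples) {
  console.log(p, "| naive:", naiveAssetPath(ASSET_ROOT, p),
    "| safe:", safeAssetPath(ASSET_ROOT, p));
}
```

The segment check does not cover symbolic links inside the asset root; a server that follows them should also compare the resolved real path against the root before reading.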

Patches

Wrangler2: Upgrade to v2.20.1 or higher.
Wrangler3: Upgrade to v3.1.1 or higher.

References

Workers SDK on GitHub
Wrangler docs
CVE-2023-3348

Severity

Moderate 5.7 / 10

CVSS base metrics

Attack vector: Adjacent
Attack complexity: Low
Privileges required: None
User interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVE ID

CVE-2023-3348

Weaknesses