CVE-2023-3348
Summary
| CVE | CVE-2023-3348 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-08-03 15:15:00 UTC |
| Updated | 2023-08-29 10:15:00 UTC |
| Description | The Wrangler command line tool (<[email protected] or <[email protected]) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cloudflare | Wrangler | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Directory traversal vulnerability in Cloudflare Wrangler · Advisory · cloudflare/workers-sdk · GitHub | MISC | github.com | |
| GitHub - cloudflare/workers-sdk: ⛅️ Home to Wrangler, the CLI for Cloudflare Workers® | MISC | github.com | |
| Wrangler (command line) · Cloudflare Workers docs | MISC | developers.cloudflare.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.