Moderate severityNVD Advisory· Published Aug 3, 2023· Updated Oct 9, 2024
Directory traversal vulnerability in Cloudflare Wrangler
CVE-2023-3348
Description
The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
wranglernpm | < 2.20.1 | 2.20.1 |
Affected products
2- Range: 3
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-8c93-4hch-xgxpghsaADVISORY
- github.com/cloudflare/workers-sdk/security/advisories/GHSA-8c93-4hch-xgxpghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2023-3348ghsaADVISORY
- developers.cloudflare.com/workers/wranglerghsaWEB
- developers.cloudflare.com/workers/wrangler/mitrerelated
- github.com/cloudflare/workers-sdk/commit/fddffdf0c23d2ca56f2139a2c6bc278052594cbaghsaWEB
- github.com/cloudflare/workers-sdk/pull/3498ghsaWEB
- github.com/cloudflare/workers-sdk/releases/tag/wrangler%403.1.1ghsaWEB
News mentions
0No linked articles in our index yet.