High severityNVD Advisory· Published Dec 29, 2023· Updated Aug 26, 2024
Server-Side Request Forgery (SSRF) in Miniflare
CVE-2023-7078
Description
Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
miniflarenpm | >= 3.20230821.0, < 3.20231030.2 | 3.20231030.2 |
Affected products
2- Range: 0
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.