VYPR
High severityNVD Advisory· Published Dec 29, 2023· Updated Aug 26, 2024

Server-Side Request Forgery (SSRF) in Miniflare

CVE-2023-7078

Description

Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
miniflarenpm
>= 3.20230821.0, < 3.20231030.23.20231030.2

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.