Cloudflare Wrangler directory traversal vulnerability

Impact

The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server.

Patches

Wrangler2: Upgrade to v2.20.1 or higher.
Wrangler3: Upgrade to v3.1.1 or higher.

References

Workers SDK on Github
Wrangler docs
CVE-2023-3348

References

mskowroncf published to cloudflare/workers-sdk Aug 3, 2023

Published by the National Vulnerability Database Aug 3, 2023

Published to the GitHub Advisory Database Aug 3, 2023

Reviewed Aug 3, 2023

Last updated Nov 8, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

Impact

Patches

References

References

Severity

CVSS overall score

CVSS v3 base metrics

CVSS v3 base metrics

EPSS score

Weaknesses

CVE ID

GHSA ID

Source code