CVE-2023-7078
HIGH 7.5
Description
Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers.
CVE details
CVSS v3.1 score: 7.5
Severity: HIGH
CVSS vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Attack vector: ADJACENT_NETWORK
Complexity: HIGH
Privileges required: NONE
User interaction: REQUIRED
Published: 12/29/2023
Last modified: 11/21/2024
Source: nvd
Honeypot observations: 0
Affected products
cloudflare:miniflare
Weaknesses (CWE)
CWE-918
References
https://github.com/cloudflare/workers-sdk/pull/4532 (cna@cloudflare.com)
https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 (cna@cloudflare.com)
https://github.com/cloudflare/workers-sdk/pull/4532 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.