CVE-2023-3348

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-3348

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3348.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-3348

Aliases

GHSA-8c93-4hch-xgxp

Related

GHSA-8c93-4hch-xgxp

Published

2023-08-03T15:15:30.227Z

Modified

2026-03-13T07:37:45.014869Z

Severity

5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server.

References

Affected packages

Git / github.com/cloudflare/workers-sdk

Affected ranges

Type

GIT

Repo

https://github.com/cloudflare/workers-sdk

Events

Introduced

Fixed

881ea7be43bcd5a3b7ea1d708c04408c9c27d50d

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.1.1"
        }
    ]
}

Affected versions

@cloudflare/pages-shared@0.*

@cloudflare/pages-shared@0.0.10

@cloudflare/pages-shared@0.0.11

@cloudflare/pages-shared@0.0.12

@cloudflare/pages-shared@0.0.9

@cloudflare/pages-shared@0.2.0

@cloudflare/pages-shared@0.3.0

@cloudflare/pages-shared@0.3.1

@cloudflare/pages-shared@0.3.2

@cloudflare/pages-shared@0.3.3

@cloudflare/pages-shared@0.3.4

@cloudflare/pages-shared@0.3.5

@cloudflare/pages-shared@0.4.0

@cloudflare/pages-shared@0.4.1

@cloudflare/pages-shared@0.4.2

@cloudflare/pages-shared@0.5.0

@cloudflare/pages-shared@0.5.1

@cloudflare/prerelease-registry@0.*

@cloudflare/prerelease-registry@0.0.2

@cloudflare/wrangler-devtools@0.*

@cloudflare/wrangler-devtools@0.0.0

create-cloudflare@2.*

create-cloudflare@2.0.3

create-cloudflare@2.0.5

create-cloudflare@2.0.6

create-cloudflare@2.0.7

create-cloudflare@2.0.8

create-cloudflare@2.0.9

d1-example@0.*

d1-example@0.0.0

d1-worker-app@1.*

d1-worker-app@1.0.0

example-wasm-app@1.*

example-wasm-app@1.0.0

Other

external-durable-objects-app@undefined

remix-pages-app@undefined

service-bindings-app@undefined

images.*

images.pages.dev@0.1.0

isomorphic-random-example@0.*

isomorphic-random-example@0.0.1

jest-environment-wrangler@0.*

jest-environment-wrangler@0.0.24

jest-environment-wrangler@0.0.26

jest-environment-wrangler@0.0.28

jest-environment-wrangler@0.0.29

jest-environment-wrangler@0.0.31

legacy-site-app@0.*

legacy-site-app@0.0.0

local-mode-tests@1.*

local-mode-tests@1.0.1

news-feed-app@0.*

news-feed-app@0.1.0

no-bundle-import@0.*

no-bundle-import@0.0.0

node-app-pages@0.*

node-app-pages@0.0.0

pages-d1-shim@0.*

pages-d1-shim@0.0.0

pages-functions-app@0.*

pages-functions-app@0.0.0

pages-functions-cors@0.*

pages-functions-cors@0.0.0

pages-functions-wasm-app@0.*

pages-functions-wasm-app@0.0.1

pages-functions-with-routes-app@0.*

pages-functions-with-routes-app@0.0.1

pages-plugin-example@0.*

pages-plugin-example@0.0.0

pages-plugin-mounted-on-root-app@0.*

pages-plugin-mounted-on-root-app@0.0.0

pages-plugin-static-forms@0.*

pages-plugin-static-forms@0.0.0

pages-workerjs-and-functions-app@0.*

pages-workerjs-and-functions-app@0.0.1

pages-workerjs-app@0.*

pages-workerjs-app@0.0.0

pages-workerjs-wasm-app@0.*

pages-workerjs-wasm-app@0.0.1

pages-workerjs-with-routes-app@0.*

pages-workerjs-with-routes-app@0.0.1

pages-ws-app@0.*

pages-ws-app@0.0.0

prospector@0.*

prospector@0.0.0

rules-app@1.*

rules-app@1.0.0

sites-app@0.*

sites-app@0.0.0

solarflare-theme@0.*

solarflare-theme@0.0.1

solarflare-theme@0.0.2

template-worker-aws@0.*

template-worker-aws@0.0.0

template-worker-d1@1.*

template-worker-d1@1.0.0

template-worker-durable-objects@0.*

template-worker-durable-objects@0.0.0

template-worker-mysql@0.*

template-worker-mysql@0.0.0

template-worker-postgres@0.*

template-worker-postgres@0.0.0

template-worker-r2@0.*

template-worker-r2@0.0.0

template-worker-router@0.*

template-worker-router@0.0.0

template-worker-sites-react@0.*

template-worker-sites-react@0.0.0

template-worker-sites@0.*

template-worker-sites@0.0.0

template-worker-speedtest@0.*

template-worker-speedtest@0.0.0

template-worker-typescript@0.*

template-worker-typescript@0.0.0

template-worker-websocket@0.*

template-worker-websocket@0.0.0

template-worker-worktop@0.*

template-worker-worktop@0.0.0

template-worker@0.*

template-worker@0.0.0

v2.*

v2.0.8

wasm-app@1.*

wasm-app@1.0.0

worker-app@1.*

worker-app@1.0.1

worker-example-request-scheduler@0.*

worker-example-request-scheduler@0.0.0

worker-example-wordle@0.*

worker-example-wordle@0.0.0

worker-openapi@1.*

worker-openapi@1.0.0

workers-analytics-engine-template@0.*

workers-analytics-engine-template@0.0.0

workers-chat-demo@1.*

workers-chat-demo@1.0.0

workers-websocket-durable-objects@0.*

workers-websocket-durable-objects@0.0.0

workers.*

workers.new@0.0.0

wrangler-dev-api-app@1.*

wrangler-dev-api-app@1.0.0

wrangler@0.*

wrangler@0.0.10

wrangler@0.0.11

wrangler@0.0.12

wrangler@0.0.13

wrangler@0.0.14

wrangler@0.0.15

wrangler@0.0.16

wrangler@0.0.17

wrangler@0.0.18

wrangler@0.0.19

wrangler@0.0.21

wrangler@0.0.22

wrangler@0.0.23

wrangler@0.0.24

wrangler@0.0.25

wrangler@0.0.26

wrangler@0.0.27

wrangler@0.0.28

wrangler@0.0.29

wrangler@0.0.30

wrangler@0.0.31

wrangler@0.0.32

wrangler@0.0.33

wrangler@0.0.34

wrangler@0.0.5

wrangler@0.0.6

wrangler@0.0.7

wrangler@0.0.8

wrangler@0.0.9

wrangler@2.*

wrangler@2.0.0

wrangler@2.0.1

wrangler@2.0.11

wrangler@2.0.12

wrangler@2.0.14

wrangler@2.0.15

wrangler@2.0.16

wrangler@2.0.17

wrangler@2.0.18

wrangler@2.0.19

wrangler@2.0.2

wrangler@2.0.21

wrangler@2.0.22

wrangler@2.0.23

wrangler@2.0.24

wrangler@2.0.25

wrangler@2.0.26

wrangler@2.0.27

wrangler@2.0.28

wrangler@2.0.29

wrangler@2.0.3

wrangler@2.0.5

wrangler@2.0.6

wrangler@2.0.7

wrangler@2.0.8

wrangler@2.0.9

wrangler@2.1.0

wrangler@2.1.1

wrangler@2.1.10

wrangler@2.1.11

wrangler@2.1.12

wrangler@2.1.13

wrangler@2.1.14

wrangler@2.1.15

wrangler@2.1.2

wrangler@2.1.3

wrangler@2.1.4

wrangler@2.1.5

wrangler@2.1.6

wrangler@2.1.7

wrangler@2.1.8

wrangler@2.1.9

wrangler@2.10.0

wrangler@2.11.0

wrangler@2.11.1

wrangler@2.12.0

wrangler@2.12.1

wrangler@2.12.2

wrangler@2.12.3

wrangler@2.13.0

wrangler@2.14.0

wrangler@2.15.0

wrangler@2.15.1

wrangler@2.16.0

wrangler@2.17.0

wrangler@2.18.0

wrangler@2.19.0

wrangler@2.2.0

wrangler@2.2.1

wrangler@2.2.2

wrangler@2.2.3

wrangler@2.20.0

wrangler@2.3.0

wrangler@2.3.1

wrangler@2.3.2

wrangler@2.4.0

wrangler@2.4.1

wrangler@2.4.2

wrangler@2.4.3

wrangler@2.4.4

wrangler@2.5.0

wrangler@2.6.0

wrangler@2.6.1

wrangler@2.6.2

wrangler@2.7.0

wrangler@2.7.1

wrangler@2.8.0

wrangler@2.8.1

wrangler@2.9.0

wrangler@2.9.1

wrangler@3.*

wrangler@3.0.0

wrangler@3.0.1

wrangler@3.1.0

wranglerjs-compat-webpack-plugin@0.*

wranglerjs-compat-webpack-plugin@0.0.2

wranglerjs-compat-webpack-plugin@0.0.3

wranglerjs-compat-webpack-plugin@0.0.4

wranglerjs-compat-webpack-plugin@0.0.5

wranglerjs-compat-webpack-plugin@0.0.7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3348.json"