Home > Vulnerability Database > CVE-2023-3348

Mend.io Vulnerability Database

CVE-2023-3348

Good to know:

Date: August 3, 2023

The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server.

Language: JS

Severity Score

5.7

Related Resources (9)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-3348

Url: https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-8c93-4hch-xgxp

Url: https://developers.cloudflare.com/workers/wrangler

Url: https://developers.cloudflare.com/workers/wrangler/

Url: https://github.com/cloudflare/workers-sdk/releases/tag/wrangler%403.1.1

Url: https://github.com/cloudflare/workers-sdk

Url: https://github.com/cloudflare/workers-sdk/pull/3498

Url: https://github.com/cloudflare/workers-sdk/commit/fddffdf0c23d2ca56f2139a2c6bc278052594cba

Url: https://www.mend.io/vulnerability-database/CVE-2023-3348

Severity Score

5.7

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version wrangler - 3.1.1

Learn More

CVSS v3.1

Base Score:	5.7
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-3348

Good to know:

Date: August 3, 2023

Language: JS

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?