CVE-2023-3348— Directory traversal vulnerability in Cloudflare Wrangler

Directory traversal vulnerability in Cloudflare Wrangler

The Wrangler command line tool  (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server.

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

对路径名的限制不恰当(路径遍历)

Cloudflare Wrangler 路径遍历漏洞

Cloudflare Wrangler是Cloudflare公司的一个存储库。 Wrangler 3.1.1之前版本存在路径遍历漏洞，该漏洞源于在运行 Pages 的本地开发服务器（wrangler Pages dev 命令）时容易受到目录遍历漏洞的影响， 攻击者利用该漏洞可以连接到本地开发服务器并访问开发服务器目录之外的文件。

N/A

N/A