wrangler@2.0.6 vulnerabilities

Command-line interface for all things Cloudflare Workers

  • latest version

    3.95.0

  • latest non vulnerable version

  • first published

    12 years ago

  • latest version published

    5 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the wrangler package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Improper Handling of Insufficient Privileges

    wrangler is a Command-line interface for all things Cloudflare Workers

    Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges via the wrangler dev server configuration. An attacker on the local network can connect to the inspector and execute arbitrary code. Additionally, without proper validation of Origin/Host headers, an attacker could exploit this to run code by convincing a user to visit a malicious website.

    Note: If wrangler dev --remote is used, the attacker could also access production resources bound to the worker.

    How to fix Improper Handling of Insufficient Privileges?

    Upgrade wrangler to version 2.20.2, 3.19.0 or higher.

    >=2.0.0 <2.20.2>=3.0.0 <3.19.0
    • M
    Directory Traversal

    wrangler is a Command-line interface for all things Cloudflare Workers

    Affected versions of this package are vulnerable to Directory Traversal when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server.

    How to fix Directory Traversal?

    Upgrade wrangler to version 3.1.1 or higher.

    <3.1.1