wrangler@3.0.1 vulnerabilities

Command-line interface for all things Cloudflare Workers

latest version

3.53.0
latest non vulnerable version

3.53.0
first published

12 years ago
latest version published

a day ago
licenses detected
- Unknown
  >=0
View wrangler package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the wrangler package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Improper Handling of Insufficient Privileges wrangler is a Command-line interface for all things Cloudflare Workers Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges via the `wrangler dev` server configuration. An attacker on the local network can connect to the inspector and execute arbitrary code. Additionally, without proper validation of `Origin/Host` headers, an attacker could exploit this to run code by convincing a user to visit a malicious website. Note: If `wrangler dev --remote` is used, the attacker could also access production resources bound to the worker. How to fix Improper Handling of Insufficient Privileges? Upgrade `wrangler` to version 2.20.2, 3.19.0 or higher.	>=2.0.0 <2.20.2 >=3.0.0 <3.19.0
M Directory Traversal wrangler is a Command-line interface for all things Cloudflare Workers Affected versions of this package are vulnerable to Directory Traversal when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server. How to fix Directory Traversal? Upgrade `wrangler` to version 3.1.1 or higher.	<3.1.1

Improper Handling of Insufficient Privileges

wrangler is a Command-line interface for all things Cloudflare Workers

Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges via the wrangler dev server configuration. An attacker on the local network can connect to the inspector and execute arbitrary code. Additionally, without proper validation of Origin/Host headers, an attacker could exploit this to run code by convincing a user to visit a malicious website.

Note: If wrangler dev --remote is used, the attacker could also access production resources bound to the worker.

How to fix Improper Handling of Insufficient Privileges?

Upgrade wrangler to version 2.20.2, 3.19.0 or higher.

>=2.0.0 <2.20.2 >=3.0.0 <3.19.0

Directory Traversal

wrangler is a Command-line interface for all things Cloudflare Workers

Affected versions of this package are vulnerable to Directory Traversal when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server.

How to fix Directory Traversal?

Upgrade wrangler to version 3.1.1 or higher.

<3.1.1

Go back to all versions of this package

wrangler@3.0.1 vulnerabilities

Command-line interface for all things Cloudflare Workers

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities