Vulnerability	Vulnerable Version
H Improper Handling of Insufficient Privileges wrangler is a Command-line interface for all things Cloudflare Workers Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges via the `wrangler dev` server configuration. An attacker on the local network can connect to the inspector and execute arbitrary code. Additionally, without proper validation of `Origin/Host` headers, an attacker could exploit this to run code by convincing a user to visit a malicious website. Note: If `wrangler dev --remote` is used, the attacker could also access production resources bound to the worker. How to fix Improper Handling of Insufficient Privileges? Upgrade `wrangler` to version 2.20.2, 3.19.0 or higher.	>=2.0.0 <2.20.2>=3.0.0 <3.19.0
M Arbitrary File Read wrangler is a Command-line interface for all things Cloudflare Workers Affected versions of this package are vulnerable to Arbitrary File Read by specially crafted HTTP requests and inspector messages to the dev server. An attacker can access any file on the user's computer over the local network by convincing a user to open a malicious website. How to fix Arbitrary File Read? Upgrade `wrangler` to version 3.18.0 or higher.	>=3.9.0 <3.18.0

Improper Handling of Insufficient Privileges

wrangler is a Command-line interface for all things Cloudflare Workers

Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges via the wrangler dev server configuration. An attacker on the local network can connect to the inspector and execute arbitrary code. Additionally, without proper validation of Origin/Host headers, an attacker could exploit this to run code by convincing a user to visit a malicious website.

Note: If wrangler dev --remote is used, the attacker could also access production resources bound to the worker.

How to fix Improper Handling of Insufficient Privileges?

Upgrade wrangler to version 2.20.2, 3.19.0 or higher.

>=2.0.0 <2.20.2>=3.0.0 <3.19.0

Arbitrary File Read

wrangler is a Command-line interface for all things Cloudflare Workers

Affected versions of this package are vulnerable to Arbitrary File Read by specially crafted HTTP requests and inspector messages to the dev server. An attacker can access any file on the user's computer over the local network by convincing a user to open a malicious website.

How to fix Arbitrary File Read?

Upgrade wrangler to version 3.18.0 or higher.

>=3.9.0 <3.18.0

Go back to all versions of this package