wrangler@3.13.1 vulnerabilities

Command-line interface for all things Cloudflare Workers

latest version

3.56.0
latest non vulnerable version

3.56.0
first published

12 years ago
latest version published

2 days ago
licenses detected
- MIT OR Apache-2.0
  >=0
View wrangler package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the wrangler package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Improper Handling of Insufficient Privileges wrangler is a Command-line interface for all things Cloudflare Workers Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges via the `wrangler dev` server configuration. An attacker on the local network can connect to the inspector and execute arbitrary code. Additionally, without proper validation of `Origin/Host` headers, an attacker could exploit this to run code by convincing a user to visit a malicious website. Note: If `wrangler dev --remote` is used, the attacker could also access production resources bound to the worker. How to fix Improper Handling of Insufficient Privileges? Upgrade `wrangler` to version 2.20.2, 3.19.0 or higher.	>=2.0.0 <2.20.2 >=3.0.0 <3.19.0
M Arbitrary File Read wrangler is a Command-line interface for all things Cloudflare Workers Affected versions of this package are vulnerable to Arbitrary File Read by specially crafted HTTP requests and inspector messages to the dev server. An attacker can access any file on the user's computer over the local network by convincing a user to open a malicious website. How to fix Arbitrary File Read? Upgrade `wrangler` to version 3.18.0 or higher.	>=3.9.0 <3.18.0

Improper Handling of Insufficient Privileges

wrangler is a Command-line interface for all things Cloudflare Workers

Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges via the wrangler dev server configuration. An attacker on the local network can connect to the inspector and execute arbitrary code. Additionally, without proper validation of Origin/Host headers, an attacker could exploit this to run code by convincing a user to visit a malicious website.

Note: If wrangler dev --remote is used, the attacker could also access production resources bound to the worker.

How to fix Improper Handling of Insufficient Privileges?

Upgrade wrangler to version 2.20.2, 3.19.0 or higher.

>=2.0.0 <2.20.2 >=3.0.0 <3.19.0

Arbitrary File Read

wrangler is a Command-line interface for all things Cloudflare Workers

Affected versions of this package are vulnerable to Arbitrary File Read by specially crafted HTTP requests and inspector messages to the dev server. An attacker can access any file on the user's computer over the local network by convincing a user to open a malicious website.

How to fix Arbitrary File Read?

Upgrade wrangler to version 3.18.0 or higher.

>=3.9.0 <3.18.0

Go back to all versions of this package

wrangler@3.13.1 vulnerabilities

Command-line interface for all things Cloudflare Workers

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities