Homepage
About Snyk

wrangler@3.5.0 vulnerabilities

Command-line interface for all things Cloudflare Workers

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the wrangler package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Improper Handling of Insufficient Privileges

wrangler is a Command-line interface for all things Cloudflare Workers

Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges via the wrangler dev server configuration. An attacker on the local network can connect to the inspector and execute arbitrary code. Additionally, without proper validation of Origin/Host headers, an attacker could exploit this to run code by convincing a user to visit a malicious website.

Note: If wrangler dev --remote is used, the attacker could also access production resources bound to the worker.

How to fix Improper Handling of Insufficient Privileges?

Upgrade wrangler to version 2.20.2, 3.19.0 or higher.

>=2.0.0 <2.20.2 >=3.0.0 <3.19.0
Go back to all versions of this package