Vulnerability	Vulnerable Version
H Improper Input Validation wrangler is a Command-line interface for all things Cloudflare Workers Affected versions of this package are vulnerable to Improper Input Validation via the `wrangler pages deploy` command when the `--commit-hash` parameter is passed directly to a shell command without proper validation or sanitization. An attacker can execute arbitrary system commands by supplying crafted input to the `--commit-hash` parameter. Note: This is only exploitable if the `--commit-hash` parameter is attacker-controlled, such as in CI/CD environments where it is populated from untrusted sources. How to fix Improper Input Validation? Upgrade `wrangler` to version 3.114.17, 4.59.1 or higher.	>=2.0.15 <3.114.17>=4.0.0 <4.59.1

Improper Input Validation

wrangler is a Command-line interface for all things Cloudflare Workers

Affected versions of this package are vulnerable to Improper Input Validation via the wrangler pages deploy command when the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization. An attacker can execute arbitrary system commands by supplying crafted input to the --commit-hash parameter.

Note:

This is only exploitable if the --commit-hash parameter is attacker-controlled, such as in CI/CD environments where it is populated from untrusted sources.

How to fix Improper Input Validation?

Upgrade wrangler to version 3.114.17, 4.59.1 or higher.

>=2.0.15 <3.114.17>=4.0.0 <4.59.1

Go back to all versions of this package