5.7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-3348

GHSA ID

GHSA-8c93-4hch-xgxp

EPSS Score

0.43342%

CWE

CWE-22

Published

8/3/2023

Updated

11/8/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-3348

CVE-2023-3348:
Cloudflare Wrangler directory traversal vulnerability

Impact

The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server.

Patches

Wrangler2: Upgrade to v2.20.1 or higher. Wrangler3: Upgrade to v3.1.1 or higher.

References

Workers SDK on Github Wrangler docs CVE-2023-3348

(GitHub Advisory)

5.7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-3348

GHSA ID

GHSA-8c93-4hch-xgxp

EPSS Score

0.43342%

CWE

CWE-22

Published

8/3/2023

Updated

11/8/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
wrangler	npm	< 2.20.1	2.20.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from improper path handling in the local development server's asset serving logic. The commit diff shows critical changes in assets.ts where: 1) directory paths are resolved to absolute paths, and 2) a security check was added to ensure resolved file paths start with the build directory. The vulnerable version lacked these protections, allowing attackers to escape the restricted directory via crafted paths. The findAssetEntryForPath() function was directly responsible for mapping URLs to filesystem paths without proper containment checks prior to the patch.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t T** Wr*n*l*r *omm*n* lin* tool (<=wr*n*l*r@*.*.* or <=wr*n*l*r@*.**.*) w*s *****t** *y * *ir**tory tr*v*rs*l vuln*r**ility w**n runnin* * lo**l **v*lopm*nt s*rv*r *or P***s (wr*n*l*r p***s **v *omm*n*). T*is vuln*r**ility *n**l** *n *tt**

Reasoning

T** vuln*r**ility st*mm** *rom improp*r p*t* **n*lin* in t** lo**l **v*lopm*nt s*rv*r's *ss*t s*rvin* lo*i*. T** *ommit *i** s*ows *riti**l ***n**s in `*ss*ts.ts` w**r*: *) *ir**tory p*t*s *r* r*solv** to **solut* p*t*s, *n* *) * s**urity ****k w*s *

5.7

Basic Information

Concerned about an active attack path?

CVE-2023-3348: Cloudflare Wrangler directory traversal vulnerability

Impact

Patches

References

5.7

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2023-3348:
Cloudflare Wrangler directory traversal vulnerability

Vulnerability Intelligence
Miggo AI