Platform
nodejs
Component
wrangler
Fixed in
2.20.3
2.20.3
3.19.1
3.19.0
CVE-2023-7080 is a critical Remote Code Execution (RCE) vulnerability affecting the Wrangler development server, a tool used for building and deploying Cloudflare Workers. This vulnerability allows an attacker on the local network to execute arbitrary code within the Workers sandbox due to the inspector server's lack of origin validation and its exposure on all network interfaces. Affected versions include those prior to Wrangler 3.19.0; upgrading to the latest version resolves the issue.
The vulnerability stems from the Wrangler development server's V8 inspector, which is intentionally designed to allow debugging by enabling arbitrary code execution within a sandboxed environment. However, the inspector server in earlier versions of Wrangler did not properly validate Origin and Host headers. This oversight allows an attacker on the local network to connect to the inspector and execute arbitrary code. A particularly concerning aspect is the potential for attackers to trick users into visiting a malicious website, granting them the ability to run code. If wrangler dev --remote is used, the attacker could potentially access production resources, significantly expanding the blast radius of the attack. This vulnerability presents a high risk of unauthorized code execution and potential data compromise.
This vulnerability was publicly disclosed on January 3, 2024. While no active exploitation campaigns have been publicly reported, the ease of exploitation and the potential impact make it a high-priority concern. The lack of origin validation mirrors patterns seen in other vulnerabilities leading to RCE. It is recommended to monitor for potential exploitation attempts and apply the patch as soon as possible.
Exploit Status
EPSS
0.04% (13% percentile)
CVSS Vector
The primary mitigation for CVE-2023-7080 is to upgrade to Wrangler version 3.19.0 or later, which includes the necessary fixes to properly validate Origin and Host headers. If an immediate upgrade is not feasible, consider temporarily disabling the inspector server by running wrangler dev --no-inspector. Additionally, restrict network access to the development server by only allowing connections from trusted sources. Monitor network traffic for suspicious connections to the inspector port. After upgrading, confirm the fix by attempting to connect to the inspector from a remote machine and verifying that the connection is denied.
Actualice el paquete `wrangler` a la versión 3.19.0 o superior, o a la versión 2.20.2 o superior. Esto corrige la vulnerabilidad de ejecución remota de código. Ejecute `npm install wrangler@latest` o `npm update wrangler` para actualizar.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2023-7080 is a critical Remote Code Execution vulnerability in Wrangler versions prior to 3.19.0, allowing attackers on the local network to execute arbitrary code.
If you are using Wrangler versions 3.18.0 or earlier, you are affected by this vulnerability. Upgrade to version 3.19.0 or later to mitigate the risk.
Upgrade to Wrangler version 3.19.0 or later. As a temporary workaround, disable the inspector server using wrangler dev --no-inspector.
While no active exploitation campaigns have been publicly reported, the vulnerability's ease of exploitation warrants immediate attention and patching.
Refer to the Cloudflare security advisory for detailed information and updates: [https://www.cloudflare.com/security/advisories/cve-2023-7080/](https://www.cloudflare.com/security/advisories/cve-2023-7080/)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.