Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/wrangler@3.9.1
Typenpm
Namespace
Namewrangler
Version3.9.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-3nh5-avj1-4qfp
vulnerability_id VCID-3nh5-avj1-4qfp
summary Duplicate Advisory: Wrangler affected by OS Command Injection in `wrangler pages deploy`
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-0933
reference_id CVE-2026-0933
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-0933
1
reference_url https://github.com/advisories/GHSA-8h3q-9fpp-c883
reference_id GHSA-8h3q-9fpp-c883
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8h3q-9fpp-c883
fixed_packages
aliases GHSA-8h3q-9fpp-c883
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3nh5-avj1-4qfp
1
url VCID-nqyp-j2yy-w7ca
vulnerability_id VCID-nqyp-j2yy-w7ca
summary Arbitrary remote code execution within `wrangler dev` Workers sandbox
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-7080
reference_id
reference_type
scores
0
value 0.00043
scoring_system epss
scoring_elements 0.13368
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-7080
1
reference_url https://github.com/cloudflare/workers-sdk/commit/05b1bbd2f5b8e60268e30c276067c3a3ae1239cf
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/workers-sdk/commit/05b1bbd2f5b8e60268e30c276067c3a3ae1239cf
2
reference_url https://github.com/cloudflare/workers-sdk/commit/29df8e17545bf3926b6d61678b596be809d40c6d
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/workers-sdk/commit/29df8e17545bf3926b6d61678b596be809d40c6d
3
reference_url https://github.com/cloudflare/workers-sdk/commit/49a469601adaa9eb9e1f2d6de197c1979d5c6c1b
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/workers-sdk/commit/49a469601adaa9eb9e1f2d6de197c1979d5c6c1b
4
reference_url https://github.com/cloudflare/workers-sdk/commit/63708a94fb7a055bf15fa963f2d598b47b11d3c0
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/workers-sdk/commit/63708a94fb7a055bf15fa963f2d598b47b11d3c0
5
reference_url https://github.com/cloudflare/workers-sdk/issues/4430
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/workers-sdk/issues/4430
6
reference_url https://github.com/cloudflare/workers-sdk/pull/4437
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/workers-sdk/pull/4437
7
reference_url https://github.com/cloudflare/workers-sdk/pull/4535
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/workers-sdk/pull/4535
8
reference_url https://github.com/cloudflare/workers-sdk/pull/4550
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/workers-sdk/pull/4550
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-7080
reference_id CVE-2023-7080
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-7080
10
reference_url https://github.com/advisories/GHSA-f8mp-x433-5wpf
reference_id GHSA-f8mp-x433-5wpf
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f8mp-x433-5wpf
11
reference_url https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-f8mp-x433-5wpf
reference_id GHSA-f8mp-x433-5wpf
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-f8mp-x433-5wpf
fixed_packages
0
url pkg:npm/wrangler@3.19.0
purl pkg:npm/wrangler@3.19.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3nh5-avj1-4qfp
1
vulnerability VCID-tyqy-tb73-3kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.19.0
aliases CVE-2023-7080, GHSA-f8mp-x433-5wpf
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nqyp-j2yy-w7ca
2
url VCID-tyqy-tb73-3kaq
vulnerability_id VCID-tyqy-tb73-3kaq
summary 
SummaryA command injection vulnerability (CWE-78) has been found to exist in the `wrangler pages deploy` command. The issue occurs because the `--commit-hash` parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of `--commit-hash` to execute arbitrary commands on the system running Wrangler.




Root causeThe commitHash variable, derived from user input via the --commit-hash CLI argument, is interpolated directly into a shell command using template literals (e.g.,  execSync(`git show -s --format=%B ${commitHash}`)). Shell metacharacters are interpreted by the shell, enabling command execution.




ImpactThis vulnerability is generally hard to exploit, as it requires --commit-hash to be attacker controlled. The vulnerability primarily affects CI/CD environments where `wrangler pages deploy` is used in automated pipelines and the 

--commit-hash parameter is populated from external, potentially untrusted sources. An attacker could exploit this to:

  *  Run any shell command.
  *  Exfiltrate environment variables.
  *  Compromise the CI runner to install backdoors or modify build artifacts.



Credits Disclosed responsibly by kny4hacker.




Mitigation
  *  Wrangler v4 users are requested to upgrade to Wrangler v4.59.1 or higher.
  *  Wrangler v3 users are requested to upgrade to Wrangler v3.114.17 or higher.
  *  Users on Wrangler v2 (EOL) should upgrade to a supported major version.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-0933
reference_id
reference_type
scores
0
value 0.00068
scoring_system epss
scoring_elements 0.21034
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-0933
1
reference_url https://github.com/cloudflare/workers-sdk/commit/99b1f328a9afe181b49f1114ed47f15f6d25f0be
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/workers-sdk/commit/99b1f328a9afe181b49f1114ed47f15f6d25f0be
2
reference_url https://github.com/cloudflare/workers-sdk/releases/tag/wrangler%403.114.17
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/workers-sdk/releases/tag/wrangler%403.114.17
3
reference_url https://github.com/cloudflare/workers-sdk/releases/tag/wrangler%404.59.1
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/workers-sdk/releases/tag/wrangler%404.59.1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-0933
reference_id CVE-2026-0933
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-0933
5
reference_url https://github.com/advisories/GHSA-36p8-mvp6-cv38
reference_id GHSA-36p8-mvp6-cv38
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-36p8-mvp6-cv38
6
reference_url https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-36p8-mvp6-cv38
reference_id GHSA-36p8-mvp6-cv38
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-36p8-mvp6-cv38
7
reference_url https://github.com/cloudflare/workers-sdk
reference_id workers-sdk
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-23T18:58:09Z/
url https://github.com/cloudflare/workers-sdk
fixed_packages
0
url pkg:npm/wrangler@3.114.17
purl pkg:npm/wrangler@3.114.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3nh5-avj1-4qfp
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.114.17
1
url pkg:npm/wrangler@4.59.1
purl pkg:npm/wrangler@4.59.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3nh5-avj1-4qfp
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@4.59.1
aliases CVE-2026-0933, GHSA-36p8-mvp6-cv38
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tyqy-tb73-3kaq
3
url VCID-ura4-vgyd-h3de
vulnerability_id VCID-ura4-vgyd-h3de
summary Arbitrary remote file read in Wrangler dev server
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-7079
reference_id
reference_type
scores
0
value 0.00071
scoring_system epss
scoring_elements 0.21879
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-7079
1
reference_url https://github.com/cloudflare/workers-sdk/commit/29df8e17545bf3926b6d61678b596be809d40c6d
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/workers-sdk/commit/29df8e17545bf3926b6d61678b596be809d40c6d
2
reference_url https://github.com/cloudflare/workers-sdk/commit/311ffbd5064f8301ac6f0311bbe5630897923b93
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/workers-sdk/commit/311ffbd5064f8301ac6f0311bbe5630897923b93
3
reference_url https://github.com/cloudflare/workers-sdk/pull/4535
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/workers-sdk/pull/4535
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-7079
reference_id CVE-2023-7079
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-7079
5
reference_url https://github.com/advisories/GHSA-cfph-4qqh-w828
reference_id GHSA-cfph-4qqh-w828
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cfph-4qqh-w828
6
reference_url https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828
reference_id GHSA-cfph-4qqh-w828
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828
fixed_packages
0
url pkg:npm/wrangler@3.19.0
purl pkg:npm/wrangler@3.19.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3nh5-avj1-4qfp
1
vulnerability VCID-tyqy-tb73-3kaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.19.0
aliases CVE-2023-7079, GHSA-cfph-4qqh-w828
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ura4-vgyd-h3de
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.9.1