Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ura4-vgyd-h3de

Summary Arbitrary remote file read in Wrangler dev server

Aliases

alias	CVE-2023-7079

alias	GHSA-cfph-4qqh-w828

Fixed_packages

url pkg:npm/wrangler@3.19.0

purl pkg:npm/wrangler@3.19.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3nh5-avj1-4qfp

vulnerability	VCID-tyqy-tb73-3kaq

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.19.0

Affected_packages

url pkg:npm/wrangler@3.9.0

purl pkg:npm/wrangler@3.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3nh5-avj1-4qfp

vulnerability	VCID-nqyp-j2yy-w7ca

vulnerability	VCID-tyqy-tb73-3kaq

vulnerability	VCID-ura4-vgyd-h3de

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.9.0

url pkg:npm/wrangler@3.9.1

purl pkg:npm/wrangler@3.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3nh5-avj1-4qfp

vulnerability	VCID-nqyp-j2yy-w7ca

vulnerability	VCID-tyqy-tb73-3kaq

vulnerability	VCID-ura4-vgyd-h3de

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.9.1

url pkg:npm/wrangler@3.10.0

purl pkg:npm/wrangler@3.10.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3nh5-avj1-4qfp

vulnerability	VCID-nqyp-j2yy-w7ca

vulnerability	VCID-tyqy-tb73-3kaq

vulnerability	VCID-ura4-vgyd-h3de

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.10.0

url pkg:npm/wrangler@3.10.1

purl pkg:npm/wrangler@3.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3nh5-avj1-4qfp

vulnerability	VCID-nqyp-j2yy-w7ca

vulnerability	VCID-tyqy-tb73-3kaq

vulnerability	VCID-ura4-vgyd-h3de

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.10.1

url pkg:npm/wrangler@3.11.0

purl pkg:npm/wrangler@3.11.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3nh5-avj1-4qfp

vulnerability	VCID-nqyp-j2yy-w7ca

vulnerability	VCID-tyqy-tb73-3kaq

vulnerability	VCID-ura4-vgyd-h3de

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.11.0

url pkg:npm/wrangler@3.12.0

purl pkg:npm/wrangler@3.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3nh5-avj1-4qfp

vulnerability	VCID-nqyp-j2yy-w7ca

vulnerability	VCID-tyqy-tb73-3kaq

vulnerability	VCID-ura4-vgyd-h3de

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.12.0

url pkg:npm/wrangler@3.13.0

purl pkg:npm/wrangler@3.13.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3nh5-avj1-4qfp

vulnerability	VCID-nqyp-j2yy-w7ca

vulnerability	VCID-tyqy-tb73-3kaq

vulnerability	VCID-ura4-vgyd-h3de

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.13.0

url pkg:npm/wrangler@3.13.1

purl pkg:npm/wrangler@3.13.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3nh5-avj1-4qfp

vulnerability	VCID-nqyp-j2yy-w7ca

vulnerability	VCID-tyqy-tb73-3kaq

vulnerability	VCID-ura4-vgyd-h3de

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.13.1

url pkg:npm/wrangler@3.13.2

purl pkg:npm/wrangler@3.13.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3nh5-avj1-4qfp

vulnerability	VCID-nqyp-j2yy-w7ca

vulnerability	VCID-tyqy-tb73-3kaq

vulnerability	VCID-ura4-vgyd-h3de

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.13.2

url pkg:npm/wrangler@3.14.0

purl pkg:npm/wrangler@3.14.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3nh5-avj1-4qfp

vulnerability	VCID-nqyp-j2yy-w7ca

vulnerability	VCID-tyqy-tb73-3kaq

vulnerability	VCID-ura4-vgyd-h3de

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.14.0

url pkg:npm/wrangler@3.15.0

purl pkg:npm/wrangler@3.15.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3nh5-avj1-4qfp

vulnerability	VCID-nqyp-j2yy-w7ca

vulnerability	VCID-tyqy-tb73-3kaq

vulnerability	VCID-ura4-vgyd-h3de

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.15.0

url pkg:npm/wrangler@3.16.0

purl pkg:npm/wrangler@3.16.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3nh5-avj1-4qfp

vulnerability	VCID-nqyp-j2yy-w7ca

vulnerability	VCID-tyqy-tb73-3kaq

vulnerability	VCID-ura4-vgyd-h3de

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.16.0

url pkg:npm/wrangler@3.17.0

purl pkg:npm/wrangler@3.17.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3nh5-avj1-4qfp

vulnerability	VCID-nqyp-j2yy-w7ca

vulnerability	VCID-tyqy-tb73-3kaq

vulnerability	VCID-ura4-vgyd-h3de

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.17.0

url pkg:npm/wrangler@3.17.1

purl pkg:npm/wrangler@3.17.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3nh5-avj1-4qfp

vulnerability	VCID-nqyp-j2yy-w7ca

vulnerability	VCID-tyqy-tb73-3kaq

vulnerability	VCID-ura4-vgyd-h3de

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.17.1

url pkg:npm/wrangler@3.18.0

purl pkg:npm/wrangler@3.18.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3nh5-avj1-4qfp

vulnerability	VCID-nqyp-j2yy-w7ca

vulnerability	VCID-tyqy-tb73-3kaq

vulnerability	VCID-ura4-vgyd-h3de

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.18.0

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-7079

reference_id

reference_type

scores

value	0.00071
scoring_system	epss
scoring_elements	0.21879
published_at	2026-06-11T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.22067
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-7079

reference_url

https://github.com/cloudflare/workers-sdk/commit/29df8e17545bf3926b6d61678b596be809d40c6d

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/cloudflare/workers-sdk/commit/29df8e17545bf3926b6d61678b596be809d40c6d

reference_url

https://github.com/cloudflare/workers-sdk/commit/311ffbd5064f8301ac6f0311bbe5630897923b93

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/cloudflare/workers-sdk/commit/311ffbd5064f8301ac6f0311bbe5630897923b93

reference_url

https://github.com/cloudflare/workers-sdk/pull/4535

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/cloudflare/workers-sdk/pull/4535

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-7079

reference_id

CVE-2023-7079

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-7079

reference_url

https://github.com/advisories/GHSA-cfph-4qqh-w828

reference_id

GHSA-cfph-4qqh-w828

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cfph-4qqh-w828

reference_url

https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828

reference_id

GHSA-cfph-4qqh-w828

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828

Weaknesses

cwe_id	287
name	Improper Authentication
description	When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ura4-vgyd-h3de

Vulnerability Instance