{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211586?format=json","vulnerability_id":"VCID-ura4-vgyd-h3de","summary":"Arbitrary remote file read in Wrangler dev server","aliases":[{"alias":"CVE-2023-7079"},{"alias":"GHSA-cfph-4qqh-w828"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28249?format=json","purl":"pkg:npm/wrangler@3.19.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nh5-avj1-4qfp"},{"vulnerability":"VCID-tyqy-tb73-3kaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.19.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28248?format=json","purl":"pkg:npm/wrangler@3.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nh5-avj1-4qfp"},{"vulnerability":"VCID-nqyp-j2yy-w7ca"},{"vulnerability":"VCID-tyqy-tb73-3kaq"},{"vulnerability":"VCID-ura4-vgyd-h3de"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/683054?format=json","purl":"pkg:npm/wrangler@3.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nh5-avj1-4qfp"},{"vulnerability":"VCID-nqyp-j2yy-w7ca"},{"vulnerability":"VCID-tyqy-tb73-3kaq"},{"vulnerability":"VCID-ura4-vgyd-h3de"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.9.1"},{"url":"http://public2.vulnerablecode.io/api/packages/683055?format=json","purl":"pkg:npm/wrangler@3.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nh5-avj1-4qfp"},{"vulnerability":"VCID-nqyp-j2yy-w7ca"},{"vulnerability":"VCID-tyqy-tb73-3kaq"},{"vulnerability":"VCID-ura4-vgyd-h3de"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.10.0"},{"url":"http://public2.vulnerablecode.io/api/packages/683056?format=json","purl":"pkg:npm/wrangler@3.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nh5-avj1-4qfp"},{"vulnerability":"VCID-nqyp-j2yy-w7ca"},{"vulnerability":"VCID-tyqy-tb73-3kaq"},{"vulnerability":"VCID-ura4-vgyd-h3de"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.10.1"},{"url":"http://public2.vulnerablecode.io/api/packages/683057?format=json","purl":"pkg:npm/wrangler@3.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nh5-avj1-4qfp"},{"vulnerability":"VCID-nqyp-j2yy-w7ca"},{"vulnerability":"VCID-tyqy-tb73-3kaq"},{"vulnerability":"VCID-ura4-vgyd-h3de"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/683058?format=json","purl":"pkg:npm/wrangler@3.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nh5-avj1-4qfp"},{"vulnerability":"VCID-nqyp-j2yy-w7ca"},{"vulnerability":"VCID-tyqy-tb73-3kaq"},{"vulnerability":"VCID-ura4-vgyd-h3de"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.12.0"},{"url":"http://public2.vulnerablecode.io/api/packages/683059?format=json","purl":"pkg:npm/wrangler@3.13.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nh5-avj1-4qfp"},{"vulnerability":"VCID-nqyp-j2yy-w7ca"},{"vulnerability":"VCID-tyqy-tb73-3kaq"},{"vulnerability":"VCID-ura4-vgyd-h3de"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.13.0"},{"url":"http://public2.vulnerablecode.io/api/packages/683060?format=json","purl":"pkg:npm/wrangler@3.13.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nh5-avj1-4qfp"},{"vulnerability":"VCID-nqyp-j2yy-w7ca"},{"vulnerability":"VCID-tyqy-tb73-3kaq"},{"vulnerability":"VCID-ura4-vgyd-h3de"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.13.1"},{"url":"http://public2.vulnerablecode.io/api/packages/683061?format=json","purl":"pkg:npm/wrangler@3.13.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nh5-avj1-4qfp"},{"vulnerability":"VCID-nqyp-j2yy-w7ca"},{"vulnerability":"VCID-tyqy-tb73-3kaq"},{"vulnerability":"VCID-ura4-vgyd-h3de"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.13.2"},{"url":"http://public2.vulnerablecode.io/api/packages/683062?format=json","purl":"pkg:npm/wrangler@3.14.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nh5-avj1-4qfp"},{"vulnerability":"VCID-nqyp-j2yy-w7ca"},{"vulnerability":"VCID-tyqy-tb73-3kaq"},{"vulnerability":"VCID-ura4-vgyd-h3de"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.14.0"},{"url":"http://public2.vulnerablecode.io/api/packages/683063?format=json","purl":"pkg:npm/wrangler@3.15.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nh5-avj1-4qfp"},{"vulnerability":"VCID-nqyp-j2yy-w7ca"},{"vulnerability":"VCID-tyqy-tb73-3kaq"},{"vulnerability":"VCID-ura4-vgyd-h3de"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.15.0"},{"url":"http://public2.vulnerablecode.io/api/packages/683064?format=json","purl":"pkg:npm/wrangler@3.16.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nh5-avj1-4qfp"},{"vulnerability":"VCID-nqyp-j2yy-w7ca"},{"vulnerability":"VCID-tyqy-tb73-3kaq"},{"vulnerability":"VCID-ura4-vgyd-h3de"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.16.0"},{"url":"http://public2.vulnerablecode.io/api/packages/683065?format=json","purl":"pkg:npm/wrangler@3.17.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nh5-avj1-4qfp"},{"vulnerability":"VCID-nqyp-j2yy-w7ca"},{"vulnerability":"VCID-tyqy-tb73-3kaq"},{"vulnerability":"VCID-ura4-vgyd-h3de"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.17.0"},{"url":"http://public2.vulnerablecode.io/api/packages/683066?format=json","purl":"pkg:npm/wrangler@3.17.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nh5-avj1-4qfp"},{"vulnerability":"VCID-nqyp-j2yy-w7ca"},{"vulnerability":"VCID-tyqy-tb73-3kaq"},{"vulnerability":"VCID-ura4-vgyd-h3de"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.17.1"},{"url":"http://public2.vulnerablecode.io/api/packages/683067?format=json","purl":"pkg:npm/wrangler@3.18.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nh5-avj1-4qfp"},{"vulnerability":"VCID-nqyp-j2yy-w7ca"},{"vulnerability":"VCID-tyqy-tb73-3kaq"},{"vulnerability":"VCID-ura4-vgyd-h3de"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/wrangler@3.18.0"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-7079","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21879","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.22067","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-7079"},{"reference_url":"https://github.com/cloudflare/workers-sdk/commit/29df8e17545bf3926b6d61678b596be809d40c6d","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cloudflare/workers-sdk/commit/29df8e17545bf3926b6d61678b596be809d40c6d"},{"reference_url":"https://github.com/cloudflare/workers-sdk/commit/311ffbd5064f8301ac6f0311bbe5630897923b93","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cloudflare/workers-sdk/commit/311ffbd5064f8301ac6f0311bbe5630897923b93"},{"reference_url":"https://github.com/cloudflare/workers-sdk/pull/4535","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cloudflare/workers-sdk/pull/4535"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-7079","reference_id":"CVE-2023-7079","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-7079"},{"reference_url":"https://github.com/advisories/GHSA-cfph-4qqh-w828","reference_id":"GHSA-cfph-4qqh-w828","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cfph-4qqh-w828"},{"reference_url":"https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828","reference_id":"GHSA-cfph-4qqh-w828","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828"}],"weaknesses":[{"cwe_id":287,"name":"Improper Authentication","description":"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"4.0 - 6.9","exploitability":"0.5","weighted_severity":"6.2","risk_score":3.1,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ura4-vgyd-h3de"}