Description
Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers.
Remediation
References
https://github.com/cloudflare/workers-sdk/pull/4532
https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7