Description
Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers.
Remediation
References
https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7
https://github.com/cloudflare/workers-sdk/pull/4532