Description
Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers.
Remediation
References
https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7
https://github.com/cloudflare/workers-sdk/pull/4532