CVE-2023-7078

HIGH Year: 2023
CVSS v3 Score
8.1
High
Weakness Type
CWE-918
View all →

Vulnerability Description

Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers.

Related Vulnerabilities

CVE-2017-16870

HIGH
CVSS:8.1(High)

The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that ...

CWE-9182017

CVE-2017-6201

HIGH
CVSS:8.1(High)

A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access contr...

CWE-9182017

CVE-2018-20436

HIGH
CVSS:8.1(High)

The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent...

CWE-9182018

CVE-2020-21649

HIGH
CVSS:8.1(High)

Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql() method.

CWE-9182020

CVE-2020-22983

HIGH
CVSS:8.1(High)

A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via ...

CWE-9182020

CVE-2020-8134

HIGH
CVSS:8.1(High)

Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems.

CWE-9182020