CVE-2023-7080

Summary

CVE-2023-7080 is a vulnerability in the V8 inspector of Cloudflare's Wrangler tool, which allows arbitrary code execution within the Workers sandbox for debugging. This issue was exploitable when an attacker on the local network connected to the inspector server, as it did not validate Origin/Host headers, allowing any user on the local network to run code. Previous versions of Wrangler, specifically [email protected] and below, also had an SSRF vulnerability (CVE-2023-7078) that granted access to the local network. [email protected] and [email protected] have been released to address both vulnerabilities, with the inspector server now listening only on local interfaces by default and validating Origin/Host headers to prevent arbitrary code execution.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.