CVE-2023-3348: 
JavaScript vulnerability analysis and mitigation

The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). The vulnerability was discovered and disclosed in August 2023, affecting the Cloudflare Wrangler CLI tool used for developing and deploying Cloudflare Workers (Wrangler Docs, Workers SDK).

The vulnerability is classified as a directory traversal vulnerability (CWE-22) that allows attackers on the same network to connect to the local development server and access files outside of the development server's directory. The vulnerability has been assigned a CVSS v3.1 base score of 5.7 (Medium) with the vector string CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating adjacent network attack vector, low attack complexity, no privileges required, and high confidentiality impact (GitHub Advisory).

The vulnerability allows attackers in the same network as the victim to access files present outside of the directory designated for the development server, potentially exposing sensitive information on the victim's system (GitHub Advisory).

Users should upgrade to patched versions: Wrangler2 users should upgrade to v2.20.1 or higher, while Wrangler3 users should upgrade to v3.1.1 or higher (GitHub Advisory).