Description
Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers.
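An added example (not code from the advisory or from the workers-sdk project): a Node.js check that walks an npm lockfile's `packages` map and reports which wrangler installs fall under the external-interface default described above. It assumes "until 3.19.0" means versions below 3.19.0 and that later versions bind to loopback unless told otherwise; the lockfile is constructed sample data, and `auditLockfile`, `classifyHost` and the `configuredHost` parameter are hypothetical names.

```javascript
// Assumption: versions below 3.19.0 listen on all interfaces by default,
// 3.19.0 and later on loopback only.
const FIRST_LOCAL_DEFAULT = [3, 19, 0];

// Strict "x.y.z" parse. Anything else (ranges, pre-release tags) returns null
// so the caller can fail safe instead of guessing.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

function isBefore(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// Classify a bind host as loopback, wildcard, or one specific address.
function classifyHost(host) {
  const h = String(host).trim().toLowerCase().replace(/^\[|\]$/g, "");
  if (h === "localhost" || h === "::1" || /^127(\.\d{1,3}){3}$/.test(h)) return "loopback";
  if (h === "" || h === "*" || h === "0.0.0.0" || h === "::") return "all-interfaces";
  return "specific-address";
}

// lock: parsed package-lock.json (lockfileVersion 2 or 3).
// configuredHost: the host the dev server is explicitly told to bind, if any.
function auditLockfile(lock, configuredHost) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/wrangler$/.test(path)) continue;
    const ver = parseVersion(pkg.version);
    // Unparseable versions count as old so they get reviewed, not skipped.
    const oldDefault = ver === null || isBefore(ver, FIRST_LOCAL_DEFAULT);
    const bind = configuredHost !== undefined
      ? classifyHost(configuredHost)
      : oldDefault ? "all-interfaces" : "loopback";
    findings.push({ path, version: pkg.version, bind, exposed: bind !== "loopback" });
  }
  return findings;
}

// Constructed sample lockfile: one old top-level install, one newer nested one.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-worker" },
    "node_modules/wrangler": { version: "3.18.0" },
    "node_modules/tooling/node_modules/wrangler": { version: "3.19.0" },
  },
};

console.log(auditLockfile(SAMPLE_LOCK));
```

An install reported with `exposed: true` is reachable from other hosts on the network while the dev server runs, which is the precondition the description gives for reaching other local servers.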
Remediation
References
https://github.com/cloudflare/workers-sdk/pull/4532
https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7