crawl4ai@0.8.7

🚀🤖 Crawl4AI: Open-source LLM Friendly Web Crawler & scraper

  • latest version

    0.9.0

  • latest non vulnerable version

  • first published

    1 year ago

  • latest version published

    12 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the crawl4ai package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable version
    • High severity: Server-side Request Forgery (SSRF)

    Crawl4AI is an open-source, LLM-friendly web crawler and scraper.

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the handle_stream_crawl_request process. An attacker can access internal-only services and cloud-metadata endpoints by sending crafted requests to the affected API endpoints, causing the server to fetch and stream responses from arbitrary internal URLs.

    How to fix Server-side Request Forgery (SSRF)?

    Upgrade Crawl4AI to version 0.9.0 or higher.

    Vulnerable versions: [,0.9.0)
    • High severity: Symlink Attack

    Crawl4AI is an open-source, LLM-friendly web crawler and scraper.

    Affected versions of this package are vulnerable to Symlink Attack via the download process. An attacker can overwrite arbitrary files with attacker-controlled content by supplying crafted filenames containing absolute paths or directory traversal sequences, which are then written outside the intended downloads directory. This can lead to execution of malicious code by overwriting files such as shell rc-files, ~/.ssh/authorized_keys, cron entries, or Python modules on the import path. This is only exploitable if the crawler is run with sufficient privileges or in an environment where sensitive paths are writable.

    How to fix Symlink Attack?

    Upgrade Crawl4AI to version 0.9.0 or higher.

    Vulnerable versions: [,0.9.0)
    • Critical severity: Arbitrary Code Injection

    Crawl4AI is an open-source, LLM-friendly web crawler and scraper.

    Affected versions of this package are vulnerable to Arbitrary Code Injection via the browser_config.extra_args parameter in API requests. An attacker can execute arbitrary commands as the container's runtime user by injecting malicious Chromium launch arguments, leading to full read/write access to application data, secrets, environment variables, and potential data exfiltration. This is only exploitable if the Docker API server is left unauthenticated and accessible to attackers.

    How to fix Arbitrary Code Injection?

    Upgrade Crawl4AI to version 0.9.0 or higher.

    Vulnerable versions: [,0.9.0)
    • High severity: Server-side Request Forgery (SSRF)

    Crawl4AI is an open-source, LLM-friendly web crawler and scraper.

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the proxy_config.server parameter in the browser_config or crawler_config objects, as well as related proxy settings in extra_args. An attacker can access internal services and cloud-metadata endpoints by supplying a proxy address pointing to internal IPs, causing the server to route requests through attacker-controlled proxies and return sensitive responses.

    How to fix Server-side Request Forgery (SSRF)?

    Upgrade Crawl4AI to version 0.8.9 or higher.

    Vulnerable versions: [,0.8.9)
    • Critical severity: Improper Output Neutralization for Logs

    Crawl4AI is an open-source, LLM-friendly web crawler and scraper.

    Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the output_path parameter in the Docker API server's screenshot and PDF endpoints, which failed to properly resolve symlinks and allowed file writes outside the intended directory. An attacker can achieve arbitrary file writes, potentially leading to code execution, by supplying crafted symlinked paths. Additionally, user-controlled input was reflected into log lines and webhook headers without adequate sanitization, enabling log forging and injection of unauthorized headers in outbound webhook requests. This is only exploitable if the API is left unauthenticated or the runtime user has write access to sensitive locations.

    How to fix Improper Output Neutralization for Logs?

    Upgrade Crawl4AI to version 0.8.8 or higher.

    Vulnerable versions: [,0.8.8)
    • High severity: Server-side Request Forgery (SSRF)

    Crawl4AI is an open-source, LLM-friendly web crawler and scraper.

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the validate_webhook_url and validate_url_destination functions. An attacker can access internal services and cloud metadata endpoints by submitting specially crafted URLs that encode internal IP addresses using IPv6 transition forms or unspecified addresses. This is only exploitable if the API server is left unauthenticated (with jwt_enabled: false).

    How to fix Server-side Request Forgery (SSRF)?

    Upgrade Crawl4AI to version 0.8.8 or higher.

    Vulnerable versions: [,0.8.8)
    • High severity: Server-side Request Forgery (SSRF)

    Crawl4AI is an open-source, LLM-friendly web crawler and scraper.

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the base_url parameter in API requests and the resolution of environment variables in the LLM configuration process. An attacker can obtain sensitive server-held secrets, such as provider API keys or authentication tokens, by supplying a malicious base_url or referencing protected environment variables in the request.

    How to fix Server-side Request Forgery (SSRF)?

    Upgrade Crawl4AI to version 0.8.8 or higher.

    Vulnerable versions: [,0.8.8)