Vulnerability Information
Vulnerability Title
Firecrawl SSRF Vulnerability via malicious webhook
Vulnerability Description
Firecrawl turns entire websites into LLM-ready markdown or structured data. Prior to version 2.0.1, a server-side request forgery (SSRF) vulnerability was discovered in Firecrawl's webhook functionality. Authenticated users could configure a webhook to an internal URL and send POST requests with arbitrary headers, which may have allowed access to internal systems. This has been fixed in version 2.0.1. If upgrading is not possible, it is recommended to isolate Firecrawl from any sensitive internal systems.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
Server-Side Request Forgery (SSRF)
Vulnerability Title
Firecrawl Code Issue Vulnerability
Vulnerability Description
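Firecrawl is an open-source AI web crawler tool from Mendable.ai. Versions of Firecrawl prior to 2.0.1 contain a code issue vulnerability, which stems from a server-side request forgery vulnerability in the webhook functionality and may lead to access to internal systems.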
CVSS Information
N/A
Vulnerability Type
N/A
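The description above names two inputs a user controls in a webhook configuration: the destination URL and the request headers. The following is an added example of a pre-send check covering both; it is not Firecrawl's code and not the 2.0.1 fix. The names `check_webhook`, `BLOCKED_HEADERS`, `fake_resolver` and the sample hostnames and addresses are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed denylist: headers a user-configured webhook may not set.
BLOCKED_HEADERS = {"host", "authorization", "cookie", "proxy-authorization",
                   "x-forwarded-for", "content-length", "transfer-encoding"}

# Constructed DNS answers so the example runs offline.
FAKE_DNS = {"hooks.example.com": {"93.184.216.34"},
            "metadata.example.internal": {"169.254.169.254"},
            "mixed.example.net": {"93.184.216.34", "10.0.0.5"}}


def fake_resolver(host, port):
    return FAKE_DNS.get(host, {host})  # IP literals resolve to themselves


def system_resolver(host, port):
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def check_webhook(url, headers=None, resolver=system_resolver):
    """Return (ok, reason, pinned_ips, safe_headers) for a user-supplied webhook."""
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False, "malformed URL", [], {}
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False, "scheme or host not allowed", [], {}
    if parts.username or parts.password:
        return False, "credentials in URL", [], {}
    try:
        addrs = sorted(resolver(parts.hostname, port))
        for raw in addrs:
            ip = ipaddress.ip_address(raw.split("%")[0])  # drop IPv6 zone id
            ip = getattr(ip, "ipv4_mapped", None) or ip   # unwrap ::ffff:a.b.c.d
            # is_global is False for loopback, RFC 1918, link-local, CGNAT, etc.
            if not ip.is_global:
                return False, f"{parts.hostname} resolves to non-public {ip}", [], {}
    except (OSError, ValueError):
        return False, "resolution failed", [], {}
    if not addrs:
        return False, "resolution failed", [], {}
    safe = {k: v for k, v in (headers or {}).items()
            if k.lower() not in BLOCKED_HEADERS and "\r" not in v and "\n" not in v}
    # The sender must connect to pinned_ips (no second lookup) and not follow redirects.
    return True, "ok", addrs, safe
```

A check like this complements the isolation advice in the description and does not replace it: the name is validated at one point in time, so the delivery code has to connect to the returned addresses directly for the result to hold.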