Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Crawl4AI < 0.8.0 Docker API Local File Inclusion via file URL Handling
Vulnerability Description
Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can access sensitive files such as /etc/passwd, /etc/shadow, application configuration files, and environment variables via /proc/self/environ, potentially exposing credentials, API keys, and internal application structure.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Crawl4AI 路径遍历漏洞
Vulnerability Description
Crawl4AI是UncleCode个人开发者的一个开源LLM友好的网络爬虫。 Crawl4AI 0.8.0之前版本存在路径遍历漏洞,该漏洞源于Docker API部署中的多个端点接受file:// URL,可能导致未经身份验证的远程攻击者读取服务器文件系统中的任意文件。
CVSS Information
N/A
Vulnerability Type
N/A