Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Firecrawl Playwright Service SSRF Protection Bypass via Missing Post-Redirect Validation
Vulnerability Description
Firecrawl version 2.8.0 and prior contain a server-side request forgery (SSRF) protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequent redirect destinations. Attackers can supply an externally valid URL that passes validation and returns an HTTP redirect to an internal or restricted resource, allowing the browser to follow the redirect and fetch the final destination without revalidation, thereby gaining access to internal network services and sensitive endpoints. This issue is distinct from CVE-2024-56800, which describes redirect-based SSRF generally. This vulnerability specifically arises from a post-redirect enforcement gap in implemented SSRF protections, where validation is applied only to the initial request and not to the final redirected destination.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Firecrawl 代码问题漏洞
Vulnerability Description
Firecrawl是Mendable.ai的一款开源 AI 网络爬虫工具。 Firecrawl 2.8.0及之前版本存在代码问题漏洞,该漏洞源于Playwright抓取服务中存在服务端请求伪造保护绕过,可能导致攻击者访问内部网络服务和敏感端点。
CVSS Information
N/A
Vulnerability Type
N/A