PraisonAIAgents has SSRF via unvalidated URL in `web_crawl` httpx fallback

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, web_crawl's httpx fallback path passes user-supplied URLs directly to httpx.AsyncClient.get() with follow_redirects=True and no host validation. An LLM agent tricked into crawling an internal URL can reach cloud metadata endpoints (169.254.169.254), internal services, and localhost. The response content is returned to the agent and may appear in output visible to the attacker. This fallback is the default crawl path on a fresh PraisonAI installation (no Tavily key, no Crawl4AI installed). This vulnerability is fixed in 1.5.128.

N/A

服务端请求伪造(SSRF)

PraisonAI 代码问题漏洞

PraisonAI是Mervin Praison个人开发者的一个低代码多智能体协作框架。 PraisonAI 1.5.128之前版本存在代码问题漏洞，该漏洞源于web_crawl的httpx回退路径将用户提供的URL直接传递给httpx.AsyncClient.get()且未进行主机验证，可能导致被诱骗的LLM代理访问云元数据端点、内部服务和本地主机，并将响应内容返回给攻击者。

N/A

N/A