GHSA-vx9w-5cx4-9796: Crawl4AI Has Local File Inclusion in Docker API via file:// URLs
A local file inclusion vulnerability exists in the Crawl4AI Docker API. The /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing attackers to read arbitrary files from the server filesystem.
Attack Vector:
POST /execute_js
{
"url": "file:///etc/passwd",
"scripts": ["document.body.innerText"]
}
Impact
An unauthenticated attacker can:
- Read sensitive files (/etc/passwd, /etc/shadow, application configs)
- Access environment variables via /proc/self/environ
- Discover internal application structure
- Potentially read credentials and API keys
Workarounds
- Disable the Docker API
- Add authentication to the API
- Use network-level filtering
References
- github.com/advisories/GHSA-vx9w-5cx4-9796
- github.com/unclecode/crawl4ai
- github.com/unclecode/crawl4ai/blob/release/v0.8.0/docs/blog/release-v0.8.0.md
- github.com/unclecode/crawl4ai/blob/release/v0.8.0/docs/migration/v0.8.0-upgrade-guide.md
- github.com/unclecode/crawl4ai/security/advisories/GHSA-vx9w-5cx4-9796
Code Behaviors & Features
Detect and mitigate GHSA-vx9w-5cx4-9796 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →