漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Crawl4AI - Server-Side Request Forgery via Direct Crawl Endpoints
Vulnerability Description
Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reach internal services and cloud metadata endpoints.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
UncleCode Crawl4AI 服务端请求伪造漏洞
Vulnerability Description
UncleCode Crawl4AI是新加坡UncleCode个人开发者的一款AI驱动的爬虫软件。 UncleCode Crawl4AI 0.8.7之前版本存在服务端请求伪造漏洞,该漏洞源于/crawl、/crawl/stream、/md和/llm端点中的服务端请求伪造,可能导致未经身份验证的攻击者绕过内部地址黑名单访问内部服务和云元数据端点。
CVSS Information
N/A
Vulnerability Type
N/A