Crawl4AI Docker API Remote Code Execution Vulnerability
Vulnerability
A remote code execution vulnerability has been identified in Crawl4AI versions prior to 0.8.0, specifically within the Docker API deployment. The vulnerability arises because the '/crawl' endpoint accepts Python source code through the 'hooks' parameter and runs it with 'exec()'. The '__import__' function was among the permitted builtins, so an unauthenticated remote attacker could import arbitrary modules and execute system commands. Exploitation of this vulnerability could lead to a complete compromise of the server, allowing arbitrary command execution, unauthorized file access, exfiltration of sensitive data, and lateral movement within internal networks.
Impact
Successful exploitation allows for full server compromise, including arbitrary command execution, unauthorized file access, exfiltration of sensitive data, and lateral movement within internal networks.
Reproduction
To reproduce this vulnerability, send a POST request to the '/crawl' endpoint with a 'hooks' parameter containing Python code. The code can use the '__import__' function to import modules, such as 'os' or 'subprocess', and execute commands on the server. This can be done by crafting a hook that runs the desired command when a specific event occurs during the crawling process.
Remediation
Users are advised to upgrade to Crawl4AI version 0.8.0 or later, where this vulnerability has been patched. If an immediate upgrade is not possible, disable the Docker API, block the '/crawl' endpoint at the network level, and add authentication to the API.
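The following is an added illustration, not Crawl4AI's own code, of the pattern described in the Vulnerability section and of the developer-side fix the Remediation section implies: a hook handler that exec()s caller-supplied source with '__import__' among its builtins, beside a hardened handler that accepts only registered hook names. The request shape, the event name 'on_page_loaded' and the registry entry are constructed for this example and are not taken from the real API.

```python
# Added illustration, not Crawl4AI's code. Event name, request shape and
# registry entries are constructed for this example.

# --- Vulnerable pattern: caller-supplied hook source is exec()'d ------------
PERMITTED_BUILTINS = {"len": len, "str": str, "__import__": __import__}  # the mistake

def run_hook_vulnerable(hooks: dict, event: str) -> dict:
    """exec() the request's code for `event`. With __import__ reachable, any
    module (os, subprocess, ...) is one call away. Note that shrinking this
    allowlist is not a fix either: exec() of untrusted text cannot be made a
    safe sandbox in CPython; the fix is to stop evaluating user input."""
    ns = {"__builtins__": PERMITTED_BUILTINS}
    exec(hooks[event], ns)            # request body becomes server-side code
    return {k: v for k, v in ns.items() if k != "__builtins__"}

# --- Hardened pattern: hooks are names resolved against a server registry ---
def _strip_query(url: str) -> str:
    return url.split("?", 1)[0]

HOOK_REGISTRY = {"strip_query": _strip_query}

def run_hook_hardened(hooks: dict, event: str, url: str) -> str:
    """Only a registered hook *name* is accepted; arbitrary source text is
    rejected before anything is evaluated, so there is nothing to exec()."""
    name = hooks.get(event)
    if not isinstance(name, str) or name not in HOOK_REGISTRY:
        raise ValueError(f"hook for {event!r} is not a registered hook name")
    return HOOK_REGISTRY[name](url)

def demo() -> tuple:
    # Constructed probe: shows a module import succeeds (no command is run).
    probe = {"on_page_loaded": "mod = __import__('os'); loaded = mod.__name__"}
    leaked = run_hook_vulnerable(probe, "on_page_loaded")["loaded"]   # 'os'
    try:
        run_hook_hardened(probe, "on_page_loaded", "https://example.test/?a=1")
        rejected = False
    except ValueError:
        rejected = True                                                # True
    cleaned = run_hook_hardened({"on_page_loaded": "strip_query"},
                                "on_page_loaded", "https://example.test/p?utm=1")
    return leaked, rejected, cleaned

if __name__ == "__main__":
    print(demo())
```

The vulnerable handler returns 'os' for the probe, confirming that arbitrary module import is reachable from the request body, while the hardened handler rejects the same input outright.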