Crawl4AI Local File Inclusion Vulnerability in Docker API
Vulnerability
A local file inclusion vulnerability has been identified in Crawl4AI versions prior to 0.8.0, specifically in the Docker API deployment. The /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs, so an unauthenticated remote attacker can read arbitrary files from the server's filesystem. Successful exploitation could expose sensitive files such as /etc/passwd, /etc/shadow, application configuration files, and environment variables via /proc/self/environ, revealing credentials, API keys, and internal application structure.
Impact
Exploitation of this vulnerability allows unauthorized reading of sensitive files from the server, including the password and shadow files, application configuration, and environment variables. That access could lead to the exposure of credentials and API keys.
Reproduction
To reproduce this vulnerability, send a POST request to one of the vulnerable endpoints (/execute_js, /screenshot, /pdf, or /html) with a file:// URL pointing to a sensitive file, such as /etc/passwd. The server will respond with the contents of the requested file, demonstrating the local file inclusion vulnerability.
Remediation
Users are advised to update to Crawl4AI version 0.8.0 or later, where this vulnerability has been patched. For those using the Docker API, hooks are now disabled by default and file:// URLs are no longer accepted. Review the migration guide available in the Crawl4AI GitHub repository for detailed instructions on updating.
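The fix described above rejects file:// URLs at the API boundary. The following is an added example of how such a check can be implemented as a scheme allow-list rather than a file:// deny-list; it is not the Crawl4AI project's own code, and the function names (validate_crawl_url, is_safe_crawl_url) are this example's assumptions. Allow-listing http and https also rejects case variants, scheme-less paths, and other local-resolving schemes a browser might honour.

```python
from urllib.parse import urlsplit

# The only schemes a crawl endpoint should ever hand to the browser.
# Everything else (file, ftp, data, javascript, ...) is refused up front,
# so the check does not depend on recognising every spelling of "file://".
ALLOWED_SCHEMES = frozenset({"http", "https"})


class UnsafeUrlError(ValueError):
    """Raised when a submitted URL must not be passed to the crawler."""


def validate_crawl_url(raw_url: str) -> str:
    """Return the trimmed URL if it is safe to fetch, else raise UnsafeUrlError.

    Handles the edge cases that defeat a naive startswith("file://") test:
    'FILE:///etc/passwd', 'file:/etc/passwd', leading whitespace, and a bare
    path such as '/etc/passwd' that has no scheme at all.
    """
    if not isinstance(raw_url, str):
        raise UnsafeUrlError("url must be a string")
    url = raw_url.strip()
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise UnsafeUrlError(f"scheme {scheme or '<none>'!r} is not allowed")
    # 'http:///etc/passwd' parses as scheme http with an empty host; refuse it
    # too so the browser is never asked to resolve a host-less URL locally.
    if not parts.netloc:
        raise UnsafeUrlError("url has no host")
    return url


def is_safe_crawl_url(raw_url: str) -> bool:
    """Boolean wrapper for request handlers that only need accept/reject."""
    try:
        validate_crawl_url(raw_url)
    except UnsafeUrlError:
        return False
    return True
```

Call validate_crawl_url on the request's url field before it reaches the crawler and map UnsafeUrlError to an HTTP 400 response.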
