HIGH 8.6
PYSEC-2026-596
상세
Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reach internal services and cloud metadata endpoints.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.