Описание
Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter
A critical remote code execution vulnerability exists in the Crawl4AI Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec(). The __import__ builtin was included in the allowed builtins, allowing attackers to import arbitrary modules and execute system commands.
Attack Vector:
POST /crawl
{
"urls": ["https://example.com"],
"hooks": {
"code": {
"on_page_context_created": "async def hook(page, context, **kwargs):\n __import__('os').system('malicious_command')\n return page"
}
}
}
Impact
An unauthenticated attacker can:
- Execute arbitrary system commands
- Read/write files on the server
- Exfiltrate sensitive data (environment variables, API keys)
- Pivot to internal network services
- Completely compromise the server
Mitigation
- Upgrade to v0.8.0 (recommended)
- If unable to upgrade immediately:
- Disable the Docker API
- Block
/crawlendpoint at network level - Add authentication to the API
Fix Details
- Removed
__import__fromallowed_builtinsinhook_manager.py - Hooks disabled by default (
CRAWL4AI_HOOKS_ENABLED=false) - Users must explicitly opt-in to enable hooks
Credits
Discovered by Neo by ProjectDiscovery (https://projectdiscovery.io)
Пакеты
Наименование
Crawl4AI
pip
Затронутые версииВерсия исправления
< 0.8.0
0.8.0
10 Critical
CVSS3
Дефекты
CWE-94
10 Critical
CVSS3
Дефекты
CWE-94