Plattform
nodejs
Komponente
firecrawl
Behoben in
1.1.2
CVE-2024-56800 describes a server-side request forgery (SSRF) vulnerability discovered in Firecrawl, a web scraper designed for large language models. This flaw allows attackers to potentially exfiltrate local network resources by crafting malicious redirects. The vulnerability impacts versions of Firecrawl prior to 1.1.1; a patch was released on December 27th, 2024, and the maintainers confirmed no user data was exposed.
The SSRF vulnerability in Firecrawl allows an attacker to manipulate the scraping engine into making requests to unintended internal resources. By crafting a malicious website that redirects Firecrawl to a local IP address, an attacker can potentially gain access to sensitive information residing on the local network. This could include internal APIs, databases, or other services that are not directly exposed to the internet. The blast radius extends to any resources accessible from the Firecrawl instance's network, potentially impacting other systems and services within the organization. While the maintainers state no user data was exposed, the potential for lateral movement and access to internal systems remains a significant concern.
CVE-2024-56800 was publicly disclosed on December 30th, 2024. The vulnerability is not currently listed on the CISA KEV catalog. No public proof-of-concept exploits have been widely reported, but the SSRF nature of the vulnerability makes it relatively straightforward to exploit. The low barrier to entry increases the likelihood of exploitation, particularly given the widespread use of web scraping tools.
Organizations utilizing Firecrawl for web scraping, particularly those deploying it within internal networks or behind firewalls, are at risk. Environments where Firecrawl is used to process data from untrusted sources are especially vulnerable. Shared hosting environments where multiple users share a single Firecrawl instance could also be impacted.
• nodejs / server:
ps aux | grep firecrawl
journalctl -u firecrawl | grep -i "request to"• generic web:
curl -I <firecrawl_endpoint> | grep -i "server"
grep -i "request to" /var/log/nginx/access.logdisclosure
patch
Exploit-Status
EPSS
0.05% (16% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2024-56800 is to immediately upgrade Firecrawl to version 1.1.1 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing strict input validation on the URLs provided to Firecrawl. This can help prevent malicious redirects by only allowing requests to trusted domains. Additionally, implement network segmentation to limit the potential impact of a successful SSRF attack. Monitor Firecrawl logs for suspicious outbound requests to internal IP addresses. While no specific WAF rules are available, generic SSRF detection rules can be applied.
Aktualisieren Sie Firecrawl auf Version 1.1.1 oder höher. Wenn ein Update nicht möglich ist, konfigurieren Sie einen sicheren Proxy für die Playwright-Dienste, der den Datenverkehr zu lokalen IP-Adressen blockiert. Weitere Informationen zur Konfiguration des Proxys über die Umgebungsvariable `PROXY_SERVER` finden Sie in der Dokumentation.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2024-56800 is a server-side request forgery (SSRF) vulnerability affecting Firecrawl versions prior to 1.1.1, allowing attackers to potentially exfiltrate local network resources.
You are affected if you are using Firecrawl version 1.1.1 or earlier. Check your installed version and upgrade immediately.
Upgrade Firecrawl to version 1.1.1 or later. If upgrading is not possible, implement strict input validation on URLs.
While no widespread exploitation has been confirmed, the SSRF nature of the vulnerability makes it likely to be targeted.
Refer to the Firecrawl project's official channels and security advisories for the latest information.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.