Platform
nodejs
Component
firecrawl
Fixed in
1.1.2
CVE-2024-56800 describes a server-side request forgery (SSRF) vulnerability discovered in Firecrawl, a web scraper designed for large language models. This flaw allows attackers to potentially exfiltrate local network resources by crafting malicious redirects. The vulnerability impacts versions of Firecrawl prior to 1.1.1; a patch was released on December 27th, 2024, and the maintainers confirmed no user data was exposed.
The SSRF vulnerability in Firecrawl allows an attacker to manipulate the scraping engine into making requests to unintended internal resources. By crafting a malicious website that redirects Firecrawl to a local IP address, an attacker can potentially gain access to sensitive information residing on the local network. This could include internal APIs, databases, or other services that are not directly exposed to the internet. The blast radius extends to any resources accessible from the Firecrawl instance's network, potentially impacting other systems and services within the organization. While the maintainers state no user data was exposed, the potential for lateral movement and access to internal systems remains a significant concern.
CVE-2024-56800 was publicly disclosed on December 30th, 2024. The vulnerability is not currently listed on the CISA KEV catalog. No public proof-of-concept exploits have been widely reported, but the SSRF nature of the vulnerability makes it relatively straightforward to exploit. The low barrier to entry increases the likelihood of exploitation, particularly given the widespread use of web scraping tools.
Exploit Status
EPSS
0.05% (16% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-56800 is to immediately upgrade Firecrawl to version 1.1.1 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing strict input validation on the URLs provided to Firecrawl. This can help prevent malicious redirects by only allowing requests to trusted domains. Additionally, implement network segmentation to limit the potential impact of a successful SSRF attack. Monitor Firecrawl logs for suspicious outbound requests to internal IP addresses. While no specific WAF rules are available, generic SSRF detection rules can be applied.
Update Firecrawl to version 1.1.1 or higher. If you cannot update, configure a secure proxy for the Playwright services, blocking traffic to local IP addresses. Refer to the documentation for instructions on how to configure the proxy via the `PROXY_SERVER` environment variable.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-56800 is a server-side request forgery (SSRF) vulnerability affecting Firecrawl versions prior to 1.1.1, allowing attackers to potentially exfiltrate local network resources.
You are affected if you are using Firecrawl version 1.1.1 or earlier. Check your installed version and upgrade immediately.
Upgrade Firecrawl to version 1.1.1 or later. If upgrading is not possible, implement strict input validation on URLs.
While no widespread exploitation has been confirmed, the SSRF nature of the vulnerability makes it likely to be targeted.
Refer to the Firecrawl project's official channels and security advisories for the latest information.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.