
GHSA-5882-5rx9-xgxp
Python vulnerability analysis and mitigation

A critical remote code execution vulnerability exists in the Crawl4AI Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec(). The __import__ builtin was included in the allowed builtins, allowing attackers to import arbitrary modules and execute system commands.

Attack Vector:

POST /crawl
{
  "urls": ["https://example.com"],
  "hooks": {
    "code": {
      "on_page_context_created": "async def hook(page, context, **kwargs):\n    __import__('os').system('malicious_command')\n    return page"
    }
  }
}

Impact

An unauthenticated attacker can:

  • Execute arbitrary system commands
  • Read/write files on the server
  • Exfiltrate sensitive data (environment variables, API keys)
  • Pivot to internal network services
  • Completely compromise the server

Mitigation

  1. Upgrade to v0.8.0 (recommended)
  2. If unable to upgrade immediately:
    • Disable the Docker API
    • Block /crawl endpoint at network level
    • Add authentication to the API

Fix Details

  1. Removed __import__ from allowed_builtins in hook_manager.py
  2. Hooks disabled by default (CRAWL4AI_HOOKS_ENABLED=false)
  3. Users must explicitly opt-in to enable hooks
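To show how the two controls in Fix Details work together, here is an added illustration (not crawl4ai's own code): a hook loader that executes hook source with a restricted builtins dict, first with __import__ present as in the vulnerable version and then with it removed, behind the CRAWL4AI_HOOKS_ENABLED opt-in gate. load_hook, run_hook, HooksDisabledError, the allow-lists and the probe hooks are assumptions constructed for this example; the probe only records which module it reached instead of running a command.

```python
import asyncio
import os

# Added example; load_hook, run_hook, HooksDisabledError and the allow-lists
# are assumptions, not crawl4ai's own identifiers.

class HooksDisabledError(RuntimeError):
    """Raised when a hook is submitted while the opt-in switch is off."""

# Allow-list as the advisory describes the vulnerable version: __import__
# lets hook code reach any module (constructed, not the project's real list).
VULNERABLE_BUILTINS = {"len": len, "str": str, "__import__": __import__}
# Fix detail 1: the same helpers with __import__ removed.
ALLOWED_BUILTINS = {k: v for k, v in VULNERABLE_BUILTINS.items() if k != "__import__"}

def set_hooks_enabled(enabled: bool) -> bool:
    os.environ["CRAWL4AI_HOOKS_ENABLED"] = "true" if enabled else "false"
    return enabled

def hooks_enabled() -> bool:
    # Fix details 2 and 3: hooks stay off unless the operator explicitly opts in.
    return os.environ.get("CRAWL4AI_HOOKS_ENABLED", "false").lower() == "true"

def load_hook(source: str, name: str, builtins=ALLOWED_BUILTINS):
    """Compile hook source in a namespace whose only builtins are `builtins`."""
    if not hooks_enabled():
        raise HooksDisabledError("set CRAWL4AI_HOOKS_ENABLED=true to opt in")
    namespace = {"__builtins__": dict(builtins)}
    exec(compile(source, f"<hook:{name}>", "exec"), namespace)
    return namespace[name]

def run_hook(source: str, name: str, builtins=ALLOWED_BUILTINS) -> str:
    """Load and await a hook; return 'ok' or the name of the exception raised."""
    page = {"url": "https://example.com"}
    try:
        hook = load_hook(source, name, builtins)
        asyncio.run(hook(page, None))
        return "ok"
    except Exception as exc:
        return type(exc).__name__

# Constructed probes shaped like the advisory's payload; they only record the
# module they reached. One uses the __import__ builtin, one an import statement.
PROBE = ("async def hook(page, context, **kwargs):\n"
         "    page['reached'] = __import__('os').__name__\n    return page")
IMPORT_PROBE = ("async def hook(page, context, **kwargs):\n"
                "    import os\n    page['reached'] = os.__name__\n    return page")

if __name__ == "__main__":
    set_hooks_enabled(True)
    print("vulnerable allow-list:", run_hook(PROBE, "hook", VULNERABLE_BUILTINS))
    print("hardened allow-list:  ", run_hook(PROBE, "hook"))
```

With the hardened allow-list the builtin lookup fails (NameError) and an import statement fails (ImportError); with the gate off the hook is never compiled at all.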

Credits

Discovered by Neo by ProjectDiscovery (https://projectdiscovery.io)


Source: NVD

Related Python vulnerabilities:

CVE ID                Severity  Score  Technologies  Component name  CISA KEV exploit  Has fix  Published date
GHSA-5882-5rx9-xgxp   CRITICAL  10     Python        crawl4ai        No                Yes      Jan 16, 2026
GHSA-vx9w-5cx4-9796   HIGH      8.6    Python        crawl4ai        No                Yes      Jan 16, 2026
CVE-2026-23535        HIGH      8      Python        wlc             No                Yes      Jan 16, 2026
CVE-2026-23490        HIGH      7.5    Python        pyasn1          No                Yes      Jan 16, 2026
CVE-2026-23528        MEDIUM    5.3    Python        distributed     No                Yes      Jan 16, 2026
