{"data":{"id":"54ce4697-a8f9-4f73-a7cf-a8d3959a2314","title":"CVE-2024-56800: Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions pr","summary":"Firecrawl, a web scraper that extracts webpage content for large language models, had a server-side request forgery vulnerability (SSRF, a flaw where an attacker tricks a server into making unwanted requests to internal networks) in versions before 1.1.1 that could expose local network resources. The cloud service was patched on December 27th, 2024, and the open-source version was patched on December 29th, 2024; no user data was exposed.","solution":"All open-source Firecrawl users should upgrade to v1.1.1. For the unpatched Playwright services, users should configure a secure proxy by setting the `PROXY_SERVER` environment variable and ensure that the proxy blocks all traffic to link-local IP addresses (see documentation for setup instructions).","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-56800","publishedAt":"2024-12-30T19:15:08.333Z","cveId":"CVE-2024-56800","cweIds":["CWE-918"],"cvssScore":"7.4","cvssSeverity":"high","severity":"high","attackType":["rag_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Firecrawl"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.0005,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"rag","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}