Summary
Crawl4AI: Arbitrary file write (symlink/TOCTOU) plus log and webhook-header injection in Docker server
References
Related vulnerabilities
- MEDIUM GHSA-GR75-JV2W-4656
  LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders
- MEDIUM GHSA-239W-M3H6-CH8V
  File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope
- HIGH GHSA-R4GV-QR8J-P3PG
  handlebars.java FileTemplateLoader Path Traversal
- HIGH GHSA-R2WG-2MCR-66RV
  Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal
- MEDIUM GHSA-J2C8-V969-8R5C
  Open WebUI: Sibling-Prefix Path Traversal via /cache/{path}
- MEDIUM GHSA-3PVJ-JV98-QHJQ
  Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory