GHSA-92x2-g374-gcvxHighCVSS 8.5
PraisonAI before 1.6.78 contains a server-side request forgery vulnerability in the web_crawl...
🔗 CVE IDs covered (1)
📋 Description
PraisonAI before 1.6.78 contains a server-side request forgery vulnerability in the web_crawl tool that validates hostnames at check time but re-resolves them at connection time without IP pinning. Attackers can use DNS rebinding to bypass SSRF protection and retrieve internal HTTP response bodies from private or loopback services.