Summary
Crawl4AI: LLM credential exfiltration in Docker server via request base_url and env: token resolution
References
Related vulnerabilities
All Supply chain →- HIGHSC-TRAVIS-LEAK-2021
Between September 3 and September 10, 2021 a flaw in Travis CI's build activation process, tracked as CVE-2021-41077 and disclosed publicly on September 13, caused secure environment variables to be injected into builds they should never reach. Secret data normally restricted to the private context of a repository was unexpectedly shared with builds triggered by pull requests from forks of public repositories, contradicting the customer's .travis.yml configuration. As a result anyone could fork a public project, open a pull request, and simply print the build environment to read the upstream project's secret environment variables, exposing signing keys, access credentials, and API tokens across thousands of open-source projects. This was a secret-exfiltration-to-forked-builds class flaw; Ethereum's Felix Lange flagged it on September 7 and Travis CI silently patched it on September 10 with no initial post-mortem, prompting affected projects such as conda-forge to rotate roughly 70 feedstock tokens.
- CRITICALGHSA-X223-P2GF-V735
Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak
- MEDIUMGHSA-FG94-H982-F3MM
Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch
- HIGHGHSA-JRFP-M64G-PCWV
Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects
- HIGHGHSA-R2WG-2MCR-66RV
Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal
- HIGHGHSA-RJXQ-QQHF-8HWH
OpenClaw: MCP Streamable HTTP redirects could forward configured custom headers to another origin