crawl4ai arbitrary file write vulnerability in download functionality
Arbitrary file write vulnerability in crawl4ai's download functionality.
What changed
Arbitrary file write vulnerability in crawl4ai's download functionality. The destination filename was taken from attacker-influenced input (the Content-Disposition header of the fetched response, or the suggested_filename value) and joined to the downloads directory without confinement, so an absolute path or a ../ traversal sequence could escape the downloads directory. The result is an arbitrary file write with attacker-controlled content, which can escalate to remote code execution.
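The following is an added illustration, not crawl4ai's own code: it shows the unconfined join pattern the advisory describes beside a hardened version that reduces the untrusted name to a single sanitized leaf and then verifies the resolved destination is a direct child of the downloads directory. The downloads path, function names and sample header values are constructed for the example.

```python
# Added example (not crawl4ai's own code). Shows the unconfined join the
# advisory describes beside a confined version. Paths and names are constructed.
import os
import re
from email.message import Message
from pathlib import Path
from typing import Optional

DOWNLOADS_DIR = Path("/srv/crawl4ai-downloads")  # constructed example location


def filename_from_content_disposition(header: Optional[str]) -> Optional[str]:
    """Extract the filename parameter from a Content-Disposition header value.
    The value comes from the remote server and must be treated as untrusted."""
    if not header:
        return None
    msg = Message()
    msg["Content-Disposition"] = header
    return msg.get_filename()


def vulnerable_destination(downloads_dir: Path, suggested_name: str) -> Path:
    """The pattern the advisory describes: join the untrusted name directly.
    os.path.join discards downloads_dir when suggested_name is absolute, and
    '..' segments survive, so the result can land outside downloads_dir."""
    return Path(os.path.join(str(downloads_dir), suggested_name))


def escapes(downloads_dir: Path, dest: Path) -> bool:
    """True when dest resolves to a location outside downloads_dir."""
    base = downloads_dir.resolve()
    target = dest.resolve()
    return target != base and base not in target.parents


def safe_destination(downloads_dir: Path, suggested_name: Optional[str]) -> Path:
    """Hardened version: keep only a sanitized leaf name, then verify the
    resolved path is a direct child of downloads_dir."""
    base = downloads_dir.resolve()
    # Keep only the final component, whichever separator the remote used.
    leaf = re.split(r"[\\/]", suggested_name or "")[-1]
    # Drop leading/trailing dots and spaces ('..', '.hidden', 'name.').
    leaf = leaf.strip(" .")
    # Replace anything outside a conservative allow-list.
    leaf = re.sub(r"[^A-Za-z0-9._-]", "_", leaf)
    if not leaf:
        leaf = "download"
    candidate = (base / leaf).resolve()
    # Defense in depth: even after sanitizing, refuse anything that does not
    # resolve to a direct child of the downloads directory (e.g. a symlink
    # already present there pointing elsewhere).
    if candidate.parent != base:
        raise ValueError(f"refusing to write outside {base}: {candidate}")
    return candidate


if __name__ == "__main__":
    header = 'attachment; filename="../../tmp/outside.txt"'  # constructed sample
    name = filename_from_content_disposition(header)
    print("unconfined:", vulnerable_destination(DOWNLOADS_DIR, name),
          "escapes" if escapes(DOWNLOADS_DIR, vulnerable_destination(DOWNLOADS_DIR, name)) else "ok")
    print("confined:  ", safe_destination(DOWNLOADS_DIR, name))
```

The leaf-only step removes every directory component, so both absolute paths and traversal sequences collapse to a plain filename; the final parent check is independent of the sanitizer and would still refuse a write if a symlink inside the downloads directory pointed elsewhere.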
Who it affects
Users of the crawl4ai SDK or Docker deployment who crawl attacker-controlled URLs. The HTTP-strategy sink is reachable without authentication on the default Docker deployment; both the HTTP and browser crawler sinks are reachable for SDK users.
What to do today
Upgrade to crawl4ai version 0.9.0 or later. If upgrading is not possible, run the crawler as an unprivileged user with an isolated downloads directory, and enable authentication (CRAWL4AI_API_TOKEN) on the Docker server so the HTTP-strategy sink is no longer reachable without credentials.