| Titre | mosaxiv clawlet 0.2.10 Server-Side Request Forgery (SSRF) (CWE-918) |
|---|
| Description | # Technical Details
An SSRF vulnerability exists in the default `web_fetch` execution path in `tools/tool_web_fetch.go`, with configuration seeded by `config.Default()` and policy evaluation in `tools/web_fetch_policy.go`, of clawlet.
The application fails to deny loopback and RFC1918/private-network HTTP targets at runtime. The default configuration sets `AllowedDomains` to `["*"]`, and the fetch path checks only hostname policy before sending the request, so localhost and internal services remain reachable.
# Vulnerable Code
File: `config/config.go`, `tools/tool_web_fetch.go`, `tools/web_fetch_policy.go`
Method: `config.Default`, `(*Registry).webFetch`, `allowHostByPolicy`
Why: `config.Default()` creates a wildcard-allow web policy, and `(*Registry).webFetch` relies on `allowHostByPolicy` without any built-in loopback/private-IP deny check before `http.Client.Do`. The redirect callback repeats the same incomplete validation.
# Reproduction
1. Start a loopback canary HTTP server on the host running clawlet.
2. Invoke the real `tools.Registry.Execute("web_fetch", ...)` path under `config.Default()` with a URL pointing to `127.0.0.1`, `localhost`, or another internal HTTP endpoint.
3. Confirm the returned tool output contains the canary response body and the canary server records the inbound hit; then apply a restrictive domain policy to verify the control request is blocked.
# Impact
- Loopback-only and private-network HTTP services can be reached through the clawlet host.
- Sensitive internal responses can be disclosed directly to the model or caller.
- The host can be abused as a pivot for further internal HTTP interaction. |
|---|
| La source | ⚠️ https://github.com/mosaxiv/clawlet/issues/14 |
|---|
| Utilisateur | Eric-b (UID 96354) |
|---|
| Soumission | 11/06/2026 09:05 (il y a 1 mois) |
|---|
| Modérer | 13/07/2026 18:57 (1 month later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 378123 [mosaxiv clawlet jusqu’à 0.2.10 tools/tool_web_fetch.go tools.webFetch élévation de privilèges] |
|---|
| Points | 20 |
|---|