CVE-2025-28197: Crawl4AI SSRF vulnerability

The vulnerability is an SSRF in 'crawl4ai/async_dispatcher.py'. I analyzed the provided code for this file. The SSRF occurs because user-supplied URLs are passed to a web crawling mechanism (likely 'self.crawler.arun()') without proper validation. The functions 'MemoryAdaptiveDispatcher.crawl_url' and 'SemaphoreDispatcher.crawl_url' are directly responsible for taking a URL string and initiating the crawl. The 'run_urls' and 'run_urls_stream' methods in these respective classes take lists of URLs and then call their corresponding 'crawl_url' methods, making them part of the vulnerable execution path if a malicious URL is included in the list. These functions are identified as vulnerable because they are the points within 'async_dispatcher.py' where the untrusted URL is handled and passed to the component that makes the external network request. Since no patch information was available, the analysis is based on the structure of the fetched code and the vulnerability description.