CVE-2024-8952

High CVSS: 7.5

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOL_SCRAPE_WEBSITE_CONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system.

Vendor

Composio

Product

Composio

CWE

CWE-918

Yayın Tarihi

2025-03-20 10:15:44

Güncelleme

2025-04-01 20:30:34

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-918 Composio HIGH Composio 2025

Referanslar

https://huntr.com/bounties/d1acdd38-10d7-45df-9df0-9fc71f0e1c2a https://huntr.com/bounties/d1acdd38-10d7-45df-9df0-9fc71f0e1c2a

Benzer Kayıtlar

High

CVE-2025-56427

Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via th…

High

CVE-2024-8955

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allo…

Critical

CVE-2024-8958

In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools action…

Critical

CVE-2024-8953

In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform ma…

Critical

CVE-2024-8954

In composiohq/composio version 0.5.10, the API does not validate the `x-api-key` header's value during the authenticatio…

Medium

CVE-2024-53526

composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the han…