CVE-2024-8953

Critical CVSS: 9.8

In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval() function.

Vendor

Composio

Product

Composio

CWE

CWE-627

Yayın Tarihi

2025-03-20 10:15:44

Güncelleme

2025-04-01 20:30:28

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-627 Composio CRITICAL Composio 2025

Referanslar

https://huntr.com/bounties/8203d721-e05f-4500-a5bc-c0bec980420c https://huntr.com/bounties/8203d721-e05f-4500-a5bc-c0bec980420c

Benzer Kayıtlar

High

CVE-2025-56427

Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via th…

High

CVE-2024-8955

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allo…

Critical

CVE-2024-8958

In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools action…

High

CVE-2024-8952

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /ap…

Critical

CVE-2024-8954

In composiohq/composio version 0.5.10, the API does not validate the `x-api-key` header's value during the authenticatio…

Medium

CVE-2024-53526

composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the han…