CVE-2024-8954

Critical CVSS: 9.8

In composiohq/composio version 0.5.10, the API does not validate the `x-api-key` header's value during the authentication step. This vulnerability allows an attacker to bypass authentication by providing any random value in the `x-api-key` header, thereby gaining unauthorized access to the server.

Vendor

Composio

Product

Composio

CWE

CWE-304

Yayın Tarihi

2025-03-20 10:15:44

Güncelleme

2025-07-15 15:49:09

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-304 Composio CRITICAL Composio 2025

Referanslar

https://huntr.com/bounties/f1e0fdce-00d7-4261-a466-923062800b12

Benzer Kayıtlar

High

CVE-2025-56427

Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via th…

High

CVE-2024-8955

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allo…

Critical

CVE-2024-8958

In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools action…

High

CVE-2024-8952

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /ap…

Critical

CVE-2024-8953

In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform ma…

Medium

CVE-2024-53526

composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the han…