CVE-2024-8958

Critical CVSS: 9.8

In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths, an attacker can read and write files anywhere on the server, potentially leading to privilege escalation or remote code execution.

Vendor

Composio

Product

Composio

CWE

CWE-434

Yayın Tarihi

2025-03-20 10:15:45

Güncelleme

2025-04-01 20:30:20

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-434 Composio CRITICAL Composio 2025

Referanslar

https://huntr.com/bounties/e152b094-0593-428e-b813-068d2390ce68 https://huntr.com/bounties/e152b094-0593-428e-b813-068d2390ce68

Benzer Kayıtlar

High

CVE-2025-56427

Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via th…

High

CVE-2024-8955

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allo…

High

CVE-2024-8952

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /ap…

Critical

CVE-2024-8953

In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform ma…

Critical

CVE-2024-8954

In composiohq/composio version 0.5.10, the API does not validate the `x-api-key` header's value during the authenticatio…

Medium

CVE-2024-53526

composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the han…