15 matches found
Directory Traversal
Overview composio-core is a Core package to act as a bridge between composio platform and other services. Affected versions of this package are vulnerable to Directory Traversal via the downloadfileordir function. An attacker can access sensitive files outside the intended directory by supplying...
agentic-fleet (>=0.1.6 <=0.4.81), composio (=0.1.1) +37 more potentially affected by CVE-2025-56427 via composio-core (>=0.3.13 <=0.7.21)
composio-core PYPI version =0.3.13, =0.1.6, =0.7.1, =0.3.13, =0.3.17, =0.3.13, =0.3.13, =0.7.1, =0.5.26, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.7.15, =0.3.13, =0.7.20 and more Source cves: CVE-2025-56427 Source advisory: SNYK:PYTHON-COMPOSIOCORE-14191990...
agentic-fleet (>=0.1.6 <=0.4.81), composio (=0.1.1) +37 more potentially affected by CVE-2024-8952 via composio-core (>=0.3.13 <=0.7.21)
composio-core PYPI version =0.3.13, =0.1.6, =0.7.1, =0.3.13, =0.3.17, =0.3.13, =0.3.13, =0.7.1, =0.5.26, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.7.15, =0.3.13, =0.7.20 and more Source cves: CVE-2024-8952 Source advisory: SNYK:PYTHON-COMPOSIOCORE-9637813...
agentic-fleet (>=0.1.6 <=0.4.81), composio (=0.1.1) +37 more potentially affected by CVE-2024-8955 via composio-core (>=0.3.13 <=0.7.21)
composio-core PYPI version =0.3.13, =0.1.6, =0.7.1, =0.3.13, =0.3.17, =0.3.13, =0.3.13, =0.7.1, =0.5.26, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.7.15, =0.3.13, =0.7.20 and more Source cves: CVE-2024-8955 Source advisory: SNYK:PYTHON-COMPOSIOCORE-9637812...
composio-autogen (>=0.3.13 <=0.5.42), composio-camel (>=0.3.17 <=0.5.42) +13 more potentially affected by CVE-2024-8953 via composio-core (>=0.3.13 <=0.5.42)
composio-core PYPI version =0.3.13, =0.3.13, =0.3.17, =0.3.13, =0.3.13, =0.5.26, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.3.13, =0.3.13, =0.3.13, =0.4.2, =0.3.24, =0.2.31, =0.2.40 Source cves: CVE-2024-8953 Source advisory: OSV:GHSA-5XG7-5662-8X7J...
composio-autogen (>=0.3.13 <=0.4.4), composio-camel (>=0.3.17 <=0.4.4) +11 more potentially affected by CVE-2024-8955 via composio-core (>=0.3.13 <=0.4.4)
composio-core PYPI version =0.3.13, =0.3.13, =0.3.17, =0.3.13, =0.3.13, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.3.13, =0.3.13, =0.3.13, =0.4.2, =0.3.24, =0.4.4 Source cves: CVE-2024-8955 Source advisory: OSV:GHSA-38MG-WM59-G64X...
Server-side Request Forgery (SSRF)
Overview composio-core is a Core package to act as a bridge between composio platform and other services. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint. An attacker with high privileges ca...
composio-autogen (>=0.3.13 <=0.5.42), composio-camel (>=0.3.17 <=0.5.42) +13 more potentially affected by CVE-2024-8953 via composio-core (>=0.3.13 <=0.5.42)
composio-core PYPI version =0.3.13, =0.3.13, =0.3.17, =0.3.13, =0.3.13, =0.5.26, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.3.13, =0.3.13, =0.3.13, =0.4.2, =0.3.24, =0.2.31, =0.2.40 Source cves: CVE-2024-8953 Source advisory: SNYK:PYTHON-COMPOSIOCORE-9637814...
composio-autogen (>=0.3.13 <=0.4.2), composio-camel (>=0.3.17 <=0.4.2) +11 more potentially affected by CVE-2024-8952 via composio-core (>=0.3.13 <=0.4.2)
composio-core PYPI version =0.3.13, =0.3.13, =0.3.17, =0.3.13, =0.3.13, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.4.2 Source cves: CVE-2024-8952 Source advisory: OSV:GHSA-QVG9-VP87-H3HR...
Improper Neutralization of Data within XPath Expressions ('XPath Injection')
Overview composio-core is a Core package to act as a bridge between composio platform and other services. Affected versions of this package are vulnerable to Improper Neutralization of Data within XPath Expressions 'XPath Injection' via the BROWSERTOOLGOTOPAGE and BROWSERTOOLGETPAGEDETAILS action...
Dynamic Variable Evaluation
Overview composio-core is a Core package to act as a bridge between composio platform and other services. Affected versions of this package are vulnerable to Dynamic Variable Evaluation through the eval function in the mathematicalcalculator endpoint. An attacker can execute arbitrary code by...
Arbitrary Command Injection
Overview composio-core is a Core package to act as a bridge between composio platform and other services. Affected versions of this package are vulnerable to Arbitrary Command Injection via the handletoolcalls function due to improper user input sanitization. PoC py from composioopenai import...
composio-autogen (>=0.3.13 <=0.6.19), composio-camel (>=0.3.17 <=0.6.19) +16 more potentially affected by CVE-2024-53526 via composio-core (>=0.3.13 <=0.6.2)
composio-core PYPI version =0.3.13, =0.3.13, =0.3.17, =0.3.13, =0.3.13, =0.5.26, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.3.13, =0.3.13, =0.3.13, =0.4.2, =0.3.24, =0.0.3, =0.0.7 and more Source cves: CVE-2024-53526 Source advisory: SNYK:PYTHON-COMPOSIOCORE-8605708...
composio-autogen (>=0.3.13 <=0.5.52rc2), composio-camel (>=0.3.17 <=0.5.52rc2) +15 more potentially affected by CVE-2024-8865 via composio-core (>=0.3.13 <=0.5.8)
composio-core PYPI version =0.3.13, =0.3.13, =0.3.17, =0.3.13, =0.3.13, =0.5.26, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.3.13, =0.3.13, =0.3.13, =0.4.2, =0.3.24, =0.5.43 - gensphere =0.1.9 and more Source cves: CVE-2024-8865 Source advisory: OSV:GHSA-66R2-XM28-74W9...
composio-autogen (>=0.3.13 <=0.5.52rc2), composio-camel (>=0.3.17 <=0.5.52rc2) +15 more potentially affected by CVE-2024-8864 via composio-core (>=0.3.13 <=0.5.6)
composio-core PYPI version =0.3.13, =0.3.13, =0.3.17, =0.3.13, =0.3.13, =0.5.26, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.3.13, =0.3.13, =0.3.13, =0.4.2, =0.3.24, =0.5.43 - gensphere =0.1.9 and more Source cves: CVE-2024-8864 Source advisory: OSV:GHSA-MRMH-3HQH-PFW7...