Lucene search
K

80 matches found

Cvelist
Cvelist
added 2025/03/20 10:11 a.m.17 views

CVE-2024-8958 Unrestricted File Write and Read in composiohq/composio

In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths, an attacker can read and write files anywhere on the server, potentially leading to privilege escalation or remote code execution...

7.2CVSS0.01292EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:11 a.m.9 views

CVE-2024-8958 Unrestricted File Write and Read in composiohq/composio

In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths, an attacker can read and write files anywhere on the server, potentially leading to privilege escalation or remote code execution...

7.2CVSS7.6AI score0.01292EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:10 a.m.7 views

CVE-2024-8952 SSRF in composiohq/composio

A Server-Side Request Forgery SSRF vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system...

6.8CVSS6.7AI score0.00671EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.9 views

CVE-2024-8952 SSRF in composiohq/composio

A Server-Side Request Forgery SSRF vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system...

6.8CVSS6.5AI score0.00671EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.13 views

CVE-2024-8952 SSRF in composiohq/composio

A Server-Side Request Forgery SSRF vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system...

6.8CVSS0.00671EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:10 a.m.86 views

CVE-2024-8952

The CVE-2024-8952 SSRF vulnerability affects composiohq/composio v0.4.2 in the /api/actions/execute/WEBTOOL_SCRAPE_WEBSITE_CONTENT endpoint. The issue enables an attacker to read files, access AWS metadata, and interact with local services via crafted requests. Affected component is the endpoint ...

7.5CVSS6.5AI score0.00671EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/03/20 10:10 a.m.9 views

CVE-2024-8953 Unsafe eval usage in composiohq/composio

In composiohq/composio version 0.4.3, the mathematicalcalculator endpoint uses the unsafe eval function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval function...

7.2CVSS7.6AI score0.01103EPSS
Exploits1References3
OSV
OSV
added 2025/03/20 10:10 a.m.3 views

CVE-2024-8954 Authentication Bypass in composiohq/composio

In composiohq/composio version 0.5.10, the API does not validate the x-api-key header's value during the authentication step. This vulnerability allows an attacker to bypass authentication by providing any random value in the x-api-key header, thereby gaining unauthorized access to the server...

9.8CVSS7.2AI score0.00817EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.4 views

CVE-2024-8954 Authentication Bypass in composiohq/composio

In composiohq/composio version 0.5.10, the API does not validate the x-api-key header's value during the authentication step. This vulnerability allows an attacker to bypass authentication by providing any random value in the x-api-key header, thereby gaining unauthorized access to the server...

9.8CVSS9.6AI score0.00817EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.13 views

CVE-2024-8954 Authentication Bypass in composiohq/composio

In composiohq/composio version 0.5.10, the API does not validate the x-api-key header's value during the authentication step. This vulnerability allows an attacker to bypass authentication by providing any random value in the x-api-key header, thereby gaining unauthorized access to the server...

9.8CVSS0.00817EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:10 a.m.82 views

CVE-2024-8954

CVE-2024-8954 affects composiohq/composio 0.5.10, where the API does not validate the x-api-key header during authentication. This allows an attacker to bypass authentication by supplying any value in x-api-key, resulting in unauthorized access to the server. The accompanying metrics indicate a h...

9.8CVSS9.6AI score0.00817EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.10 views

CVE-2024-8955 SSRF in composiohq/composio

A Server-Side Request Forgery SSRF vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allows an attacker to read the contents of any file in the system by exploiting the BROWSERTOOLGOTOPAGE and BROWSERTOOLGETPAGEDETAILS actions...

6.8CVSS0.00679EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:9 a.m.47 views

CVE-2024-8955

Affected product: composiohq/composio v0.4.4. Vulnerability type: Server-Side Request Forgery (SSRF) via BROWSERTOOL_GOTO_PAGE and BROWSERTOOL_GET_PAGE_DETAILS actions. Root cause / impact: insufficient validation/handling of user-supplied URLs enables an attacker to read files from the system; i...

7.5CVSS6.5AI score0.00679EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.3 views

composio 安全漏洞

Composio is a production-ready toolset for AI agents open-sourced by Composio. A security vulnerability exists in composio version 0.4.3, which stems from the use of an insecure eval function in the mathematicalcalculator endpoint and could lead to arbitrary code execution...

9.8CVSS7.4AI score0.01103EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.3 views

Composio 安全漏洞

Composio is a production-ready toolset for AI agents open-sourced by Composio. A security vulnerability exists in Composio version 0.5.10 that stems from the API not validating the value of the x-api-key header, which could lead to unauthorized access...

9.8CVSS9.3AI score0.00817EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.3 views

Composio 安全漏洞

Composio is a production-ready toolset for AI agents open-sourced by Composio. A security vulnerability exists in Composio version 0.4.3 that stems from a filetools operation that does not validate file paths, which could lead to arbitrary file reads and writes...

9.8CVSS7AI score0.01292EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.6 views

Composio 安全漏洞

Composio is a production-ready toolset for AI agents open-sourced by Composio. A security vulnerability exists in Composio version v0.4.2, which stems from the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint that does not validate user input, which could lead to a server-side request...

7.5CVSS6.5AI score0.00671EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.6 views

Composio 安全漏洞

Composio is a production-ready toolset for AI agents open-sourced by Composio. A security vulnerability exists in Composio version v0.4.4, which stems from the BROWSERTOOLGOTOPAGE and BROWSERTOOLGETPAGEDETAILS operations that do not validate user input, potentially leading to a server-side reques...

7.5CVSS6.5AI score0.00679EPSS
Exploits1References1
OSV
OSV
added 2025/01/08 9:32 p.m.10 views

GHSA-8H93-28HG-FJ84 Composio Command Execution vulnerability

composio =0.5.40 is vulnerable to Command Execution in composioopenai, composioclaude, and composiojulep via the handletoolcalls function...

6.4CVSS6.5AI score0.00584EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2025/01/08 9:32 p.m.13 views

Composio Command Execution vulnerability

composio =0.5.40 is vulnerable to Command Execution in composioopenai, composioclaude, and composiojulep via the handletoolcalls function...

6.4CVSS6.5AI score0.00584EPSS
Exploits1References8Affected Software3
Rows per page
Query Builder