80 matches found
CVE-2024-8958 Unrestricted File Write and Read in composiohq/composio
In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths, an attacker can read and write files anywhere on the server, potentially leading to privilege escalation or remote code execution...
CVE-2024-8958 Unrestricted File Write and Read in composiohq/composio
In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths, an attacker can read and write files anywhere on the server, potentially leading to privilege escalation or remote code execution...
CVE-2024-8952 SSRF in composiohq/composio
A Server-Side Request Forgery SSRF vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system...
CVE-2024-8952 SSRF in composiohq/composio
A Server-Side Request Forgery SSRF vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system...
CVE-2024-8952 SSRF in composiohq/composio
A Server-Side Request Forgery SSRF vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system...
CVE-2024-8952
The CVE-2024-8952 SSRF vulnerability affects composiohq/composio v0.4.2 in the /api/actions/execute/WEBTOOL_SCRAPE_WEBSITE_CONTENT endpoint. The issue enables an attacker to read files, access AWS metadata, and interact with local services via crafted requests. Affected component is the endpoint ...
CVE-2024-8953 Unsafe eval usage in composiohq/composio
In composiohq/composio version 0.4.3, the mathematicalcalculator endpoint uses the unsafe eval function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval function...
CVE-2024-8954 Authentication Bypass in composiohq/composio
In composiohq/composio version 0.5.10, the API does not validate the x-api-key header's value during the authentication step. This vulnerability allows an attacker to bypass authentication by providing any random value in the x-api-key header, thereby gaining unauthorized access to the server...
CVE-2024-8954 Authentication Bypass in composiohq/composio
In composiohq/composio version 0.5.10, the API does not validate the x-api-key header's value during the authentication step. This vulnerability allows an attacker to bypass authentication by providing any random value in the x-api-key header, thereby gaining unauthorized access to the server...
CVE-2024-8954 Authentication Bypass in composiohq/composio
In composiohq/composio version 0.5.10, the API does not validate the x-api-key header's value during the authentication step. This vulnerability allows an attacker to bypass authentication by providing any random value in the x-api-key header, thereby gaining unauthorized access to the server...
CVE-2024-8954
CVE-2024-8954 affects composiohq/composio 0.5.10, where the API does not validate the x-api-key header during authentication. This allows an attacker to bypass authentication by supplying any value in x-api-key, resulting in unauthorized access to the server. The accompanying metrics indicate a h...
CVE-2024-8955 SSRF in composiohq/composio
A Server-Side Request Forgery SSRF vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allows an attacker to read the contents of any file in the system by exploiting the BROWSERTOOLGOTOPAGE and BROWSERTOOLGETPAGEDETAILS actions...
CVE-2024-8955
Affected product: composiohq/composio v0.4.4. Vulnerability type: Server-Side Request Forgery (SSRF) via BROWSERTOOL_GOTO_PAGE and BROWSERTOOL_GET_PAGE_DETAILS actions. Root cause / impact: insufficient validation/handling of user-supplied URLs enables an attacker to read files from the system; i...
composio 安全漏洞
Composio is a production-ready toolset for AI agents open-sourced by Composio. A security vulnerability exists in composio version 0.4.3, which stems from the use of an insecure eval function in the mathematicalcalculator endpoint and could lead to arbitrary code execution...
Composio 安全漏洞
Composio is a production-ready toolset for AI agents open-sourced by Composio. A security vulnerability exists in Composio version 0.5.10 that stems from the API not validating the value of the x-api-key header, which could lead to unauthorized access...
Composio 安全漏洞
Composio is a production-ready toolset for AI agents open-sourced by Composio. A security vulnerability exists in Composio version 0.4.3 that stems from a filetools operation that does not validate file paths, which could lead to arbitrary file reads and writes...
Composio 安全漏洞
Composio is a production-ready toolset for AI agents open-sourced by Composio. A security vulnerability exists in Composio version v0.4.2, which stems from the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint that does not validate user input, which could lead to a server-side request...
Composio 安全漏洞
Composio is a production-ready toolset for AI agents open-sourced by Composio. A security vulnerability exists in Composio version v0.4.4, which stems from the BROWSERTOOLGOTOPAGE and BROWSERTOOLGETPAGEDETAILS operations that do not validate user input, potentially leading to a server-side reques...
GHSA-8H93-28HG-FJ84 Composio Command Execution vulnerability
composio =0.5.40 is vulnerable to Command Execution in composioopenai, composioclaude, and composiojulep via the handletoolcalls function...
Composio Command Execution vulnerability
composio =0.5.40 is vulnerable to Command Execution in composioopenai, composioclaude, and composiojulep via the handletoolcalls function...