How severe is CVE-2024-8953?

CVE-2024-8953 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2024-8953

Name: composio
Author: composio

9.8CRITICAL

In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to arbitrary code execution if untrusted in

Published: 3/20/2025Updated: 4/1/2025

Description

In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval() function.

AI AnalysisPowered by AI

Affected Products

composiocomposio

0.4.3

References

https://huntr.com/bounties/8203d721-e05f-4500-a5bc-c0bec980420c
Exploit
https://huntr.com/bounties/8203d721-e05f-4500-a5bc-c0bec980420c
Exploit