How severe is CVE-2024-8953?

CVE-2024-8953 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2024-8953

Name: composio
Author: composio

9.8CRITICAL

In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to arbitrary code execution if untrusted in

公開日: 3/20/2025更新日: 4/1/2025

説明

In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval() function.

AI分析AIによる分析

影響を受ける製品

composiocomposio

0.4.3

参照

https://huntr.com/bounties/8203d721-e05f-4500-a5bc-c0bec980420c
Exploit
https://huntr.com/bounties/8203d721-e05f-4500-a5bc-c0bec980420c
Exploit