How severe is CVE-2024-8953?

CVE-2024-8953 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2024-8953

Name: composio
Author: composio

9.8CRITICAL

In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to arbitrary code execution if untrusted in

게시됨: 3/20/2025업데이트됨: 4/1/2025

설명

In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval() function.

AI 분석AI 기반

영향받는 제품

composiocomposio

0.4.3

참조

https://huntr.com/bounties/8203d721-e05f-4500-a5bc-c0bec980420c
Exploit
https://huntr.com/bounties/8203d721-e05f-4500-a5bc-c0bec980420c
Exploit