How severe is CVE-2024-8953?

CVE-2024-8953 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2024-8953

Name: composio
Author: composio

9.8CRITICAL

In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to arbitrary code execution if untrusted in

Опубликовано: 3/20/2025Обновлено: 4/1/2025

Описание

In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval() function.

ИИ-АнализНа базе ИИ

Затронутые продукты

composiocomposio

0.4.3

Ссылки

https://huntr.com/bounties/8203d721-e05f-4500-a5bc-c0bec980420c
Exploit
https://huntr.com/bounties/8203d721-e05f-4500-a5bc-c0bec980420c
Exploit