How severe is CVE-2024-8953?

CVE-2024-8953 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2024-8953

Name: composio
Author: composio

9.8CRITICAL

In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to arbitrary code execution if untrusted in

发布于: 3/20/2025更新于: 4/1/2025

描述

In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval() function.

AI分析AI驱动

受影响产品

composiocomposio

0.4.3

参考资料

https://huntr.com/bounties/8203d721-e05f-4500-a5bc-c0bec980420c
Exploit
https://huntr.com/bounties/8203d721-e05f-4500-a5bc-c0bec980420c
Exploit