CVE-2024-8953

Summary

In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval() function.

Affected Software

VendorProductVersion RangeStatus
composiohqcomposiohq/composiounspecified <= latestaffected

Weaknesses

  • CWE-627: CWE-627 Dynamic Variable Evaluation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References