
CVE-2024-8953

Date: March 20, 2025
In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval() function.
Top Fix

Upgrade Version
Upgrade to version composio-core - 0.5.43; https://github.com/ComposioHQ/composio.git - v0.5.43
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |