CVE-2024-8864

A vulnerability has been found in composiohq composio up to 0.5.6 and classified as critical. Affected by this vulnerability is the function Calculator of the file python/composio/tools/local/mathematical/actions/calculator.py. The manipulation leads to code injection. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:composio:composio:*:*:*:*:*:*:*:*

History

17 Sep 2024, 10:38

Type Values Removed Values Added
CVSS v2 : 5.2
v3 : 5.5
v2 : 5.2
v3 : 8.8
CPE cpe:2.3:a:composio:composio:*:*:*:*:*:*:*:*
First Time Composio composio
Composio
References () https://rumbling-slice-eb0.notion.site/Composio-s-Local-tools-Mathematical-has-a-code-injection-risk-in-composiohq-composio-ea0e89ee10fe4edfb9a8cfeed158c765?pvs=4 - () https://rumbling-slice-eb0.notion.site/Composio-s-Local-tools-Mathematical-has-a-code-injection-risk-in-composiohq-composio-ea0e89ee10fe4edfb9a8cfeed158c765?pvs=4 - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.277501 - () https://vuldb.com/?ctiid.277501 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.277501 - () https://vuldb.com/?id.277501 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.403204 - () https://vuldb.com/?submit.403204 - Third Party Advisory, VDB Entry

16 Sep 2024, 15:30

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad en composiohq composio hasta la versión 0.5.6 y se ha clasificado como crítica. Esta vulnerabilidad afecta a la función Calculator del archivo python/composio/tools/local/mathematical/actions/calculator.py. La manipulación conduce a la inyección de código. El exploit se ha hecho público y puede utilizarse. Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.

15 Sep 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-15 01:15

Updated : 2024-09-17 10:38


NVD link : CVE-2024-8864

Mitre link : CVE-2024-8864

CVE.ORG link : CVE-2024-8864


JSON object : View

Products Affected

composio

  • composio
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')