CVE-2024-8865

A vulnerability was found in composiohq composio up to 0.5.8 and classified as problematic. Affected by this issue is the function path of the file composio\server\api.py. The manipulation of the argument file leads to path traversal. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:composio:composio:*:*:*:*:*:*:*:*

History

17 Sep 2024, 10:50

Type Values Removed Values Added
CPE cpe:2.3:a:composio:composio:*:*:*:*:*:*:*:*
First Time Composio composio
Composio
CVSS v2 : 2.7
v3 : 3.5
v2 : 2.7
v3 : 4.9
References () https://rumbling-slice-eb0.notion.site/There-is-an-arbitrary-file-read-vulnerability-at-api-download-in-composiohq-composio-f0ec1ec26a5f434a97bb1ffde435a35b?pvs=4 - () https://rumbling-slice-eb0.notion.site/There-is-an-arbitrary-file-read-vulnerability-at-api-download-in-composiohq-composio-f0ec1ec26a5f434a97bb1ffde435a35b?pvs=4 - Exploit
References () https://vuldb.com/?ctiid.277502 - () https://vuldb.com/?ctiid.277502 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.277502 - () https://vuldb.com/?id.277502 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.403206 - () https://vuldb.com/?submit.403206 - Third Party Advisory, VDB Entry

16 Sep 2024, 15:30

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en composiohq composio hasta la versión 0.5.8 y se clasificó como problemática. Este problema afecta la ruta de función del archivo composio\server\api.py. La manipulación del archivo de argumentos provoca path traversal. La vulnerabilidad se ha divulgado al público y puede utilizarse. Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.

15 Sep 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-15 01:15

Updated : 2024-09-17 10:50


NVD link : CVE-2024-8865

Mitre link : CVE-2024-8865

CVE.ORG link : CVE-2024-8865


JSON object : View

Products Affected

composio

  • composio
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')