PyPi: Composio-Core

CVE-2024-8865

Safety vulnerability ID: 73299

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Sep 15, 2024 Updated at Jan 03, 2025

Scan your Python projects for vulnerabilities →

Advisory

A critical security vulnerability affects the composiohq composio library. The vulnerability exists in the path function of the file composio\server\api.py. Attackers can manipulate the 'file' argument to achieve path traversal, potentially accessing unauthorized files on the system. This vulnerability has been publicly disclosed and exploits may exist in the wild. The vendor has not responded to disclosure attempts, underscoring the urgency of this update. Never process file paths from untrusted sources without proper sanitization and validation.

Affected package

composio-core

Latest version: 0.6.11.post1

Core package to act as a bridge between composio platform and other services.

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

MEDIUM 4.9

CVSS v3 Details

MEDIUM 4.9

Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): HIGH
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): NONE
Availability Availability (A): NONE