CVE-2024-8952

Published: Mar 20, 2025Modified: Apr 1, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOL_SCRAPE_WEBSITE_CONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system.

Affected (1)

Products: Composio: Composio

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Composio Composio	Version 0.4.2

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (2)

https://huntr.com/bounties/d1acdd38-10d7-45df-9df0-9fc71f0e1c2a

Source: security@huntr.dev

Exploit

https://huntr.com/bounties/d1acdd38-10d7-45df-9df0-9fc71f0e1c2a

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Exploit

Timeline

No history available yet.