← Back

CVE-2024-8954

nvd nist
Published: Mar 20, 2025Modified: Jul 15, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: security@huntr.dev (Secondary)

Description

In composiohq/composio version 0.5.10, the API does not validate the `x-api-key` header's value during the authentication step. This vulnerability allows an attacker to bypass authentication by providing any random value in the `x-api-key` header, thereby gaining unauthorized access to the server.

Affected (1)

Products: Composio: Composio
Composio
1 product
Composio
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Composio
Version 0.5.10

Related CWEs

CWE-304
Missing Critical Step in Authentication
The product implements an authentication technique, but it skips a step that weakens the technique.

References (1)

Source: security@huntr.dev
ExploitThird Party Advisory

Timeline

No history available yet.