CVE-2024-8958

Published: Mar 20, 2025Modified: Apr 1, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths, an attacker can read and write files anywhere on the server, potentially leading to privilege escalation or remote code execution.

Affected (1)

Products: Composio: Composio

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Composio Composio	Version 0.4.3

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://huntr.com/bounties/e152b094-0593-428e-b813-068d2390ce68

Source: security@huntr.dev

Exploit

https://huntr.com/bounties/e152b094-0593-428e-b813-068d2390ce68

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Exploit

Timeline

No history available yet.