GHSA-5xg7-5662-8x7j
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5xg7-5662-8x7j
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-5xg7-5662-8x7j/GHSA-5xg7-5662-8x7j.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-5xg7-5662-8x7j
- Aliases
- Published
- 2025-03-20T12:32:49Z
- Modified
- 2025-03-22T00:45:41.578879Z
- Severity
-
- 7.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Composio Eval Injection Vulnerability
- Details
-
In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval() function.
- Database specific
{ "nvd_published_at": "2025-03-20T10:15:44Z", "cwe_ids": [ "CWE-627" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2025-03-22T00:19:04Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-8953
- https://github.com/ComposioHQ/composio/commit/ed82fb45dc9fbd7f07c535c72bada871c158ae5f
- https://github.com/ComposioHQ/composio-js
- https://github.com/ComposioHQ/composio/blob/b932d99e67f0fe95f8a0a24be9352e3f99059bc3/python/composio/tools/local/mathematical/actions/calculator.py#L37
- https://huntr.com/bounties/8203d721-e05f-4500-a5bc-c0bec980420c
Affected packages
PyPI / composio-core
Package
- Name
- composio-core
- View open source insights on deps.dev
- Purl
- pkg:pypi/composio-core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.5.43
Affected versions
0.*
0.1.82
0.1.83
0.1.84
0.1.87
0.1.88
0.1.89
0.1.90
0.1.91
0.1.92
0.1.93
0.1.94
0.1.95
0.1.96
0.1.97
0.1.98
0.1.99
0.1.100
0.1.101
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.2.9
0.2.10
0.2.11
0.2.12
0.2.14
0.2.15
0.2.16
0.2.17
0.2.18
0.2.19
0.2.20
0.2.21
0.2.22
0.2.32
0.2.33
0.2.34
0.2.35
0.2.36rc1
0.2.36rc2
0.2.36
0.2.37
0.2.38
0.2.39
0.2.40
0.2.41
0.2.44
0.2.46
0.2.47
0.2.48
0.2.49
0.2.50
0.2.51
0.2.52
0.2.54
0.2.55
0.2.56
0.2.59
0.2.60
0.2.63
0.2.64
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.9rc1
0.3.9rc2
0.3.9rc3
0.3.9rc4
0.3.9
0.3.10
0.3.11
0.3.12
0.3.13
0.3.14
0.3.15
0.3.16
0.3.17
0.3.18rc0
0.3.18rc1
0.3.18rc2
0.3.18
0.3.19
0.3.20rc0
0.3.20rc1
0.3.20
0.3.22
0.3.23rc0
0.3.23
0.3.24
0.3.25
0.3.26
0.3.27
0.3.28
0.3.29
0.3.30
0.4.0
0.4.1
0.4.2rc1
0.4.2rc2
0.4.2
0.4.3
0.4.4
0.4.5rc0
0.4.5rc1
0.4.5
0.5.0rc0
0.5.0rc1
0.5.0rc2
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.5.8
0.5.9
0.5.10
0.5.11
0.5.12
0.5.13
0.5.14
0.5.15
0.5.16
0.5.17
0.5.18
0.5.19
0.5.20
0.5.21
0.5.22
0.5.23
0.5.24
0.5.25
0.5.26
0.5.27
0.5.28
0.5.30
0.5.31
0.5.33
0.5.34
0.5.35
0.5.36
0.5.37rc1
0.5.37
0.5.38rc2
0.5.38
0.5.39
0.5.40
0.5.41
0.5.42