GHSA-mrmh-3hqh-pfw7

Suggest an improvement
Source
https://github.com/advisories/GHSA-mrmh-3hqh-pfw7
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-mrmh-3hqh-pfw7/GHSA-mrmh-3hqh-pfw7.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-mrmh-3hqh-pfw7
Aliases
  • CVE-2024-8864
Published
2024-09-16T14:37:27Z
Modified
2024-09-17T21:57:24.809554Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
  • 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
Summary
Composio Code Injection Vulnerability
Details

A vulnerability has been found in composiohq composio up to 0.5.6 and classified as critical. Affected by this vulnerability is the function Calculator of the file python/composio/tools/local/mathematical/actions/calculator.py. The manipulation leads to code injection. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

PyPI / composio-core

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.5.6

Affected versions

0.*

0.1.82
0.1.83
0.1.84
0.1.87
0.1.88
0.1.89
0.1.90
0.1.91
0.1.92
0.1.93
0.1.94
0.1.95
0.1.96
0.1.97
0.1.98
0.1.99
0.1.100
0.1.101
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.2.9
0.2.10
0.2.11
0.2.12
0.2.14
0.2.15
0.2.16
0.2.17
0.2.18
0.2.19
0.2.20
0.2.21
0.2.22
0.2.32
0.2.33
0.2.34
0.2.35
0.2.36rc1
0.2.36rc2
0.2.36
0.2.37
0.2.38
0.2.39
0.2.40
0.2.41
0.2.44
0.2.46
0.2.47
0.2.48
0.2.49
0.2.50
0.2.51
0.2.52
0.2.54
0.2.55
0.2.56
0.2.59
0.2.60
0.2.63
0.2.64
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.9rc1
0.3.9rc2
0.3.9rc3
0.3.9rc4
0.3.9
0.3.10
0.3.11
0.3.12
0.3.13
0.3.14
0.3.15
0.3.16
0.3.17
0.3.18rc0
0.3.18rc1
0.3.18rc2
0.3.18
0.3.19
0.3.20rc0
0.3.20rc1
0.3.20
0.3.22
0.3.23rc0
0.3.23
0.3.24
0.3.25
0.3.26
0.3.27
0.3.28
0.3.29
0.3.30
0.4.0
0.4.1
0.4.2rc1
0.4.2rc2
0.4.2
0.4.3
0.4.4
0.4.5rc0
0.4.5rc1
0.4.5
0.5.0rc0
0.5.0rc1
0.5.0rc2
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6