ByteOS Network

NVD Vulnerability Details :

CVE-2024-8953

Analyzed

Source-security@huntr.dev

Published At-20 Mar, 2025 | 10:15

Updated At-01 Apr, 2025 | 20:30

In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval() function.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary	3.0	7.2	HIGH	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.0

Base score: 7.2

Base severity: HIGH

Vector:

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CPE Matches

composio>>composio>>0.4.3

cpe:2.3:a:composio:composio:0.4.3:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-627	Secondary	security@huntr.dev
CWE-913	Primary	nvd@nist.gov

CWE ID: CWE-627

Type: Secondary

Source: security@huntr.dev

CWE ID: CWE-913

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://huntr.com/bounties/8203d721-e05f-4500-a5bc-c0bec980420c	security@huntr.dev	Exploit
https://huntr.com/bounties/8203d721-e05f-4500-a5bc-c0bec980420c	134c704f-9b21-4f2e-91b3-4a467353bcc0	Exploit

Hyperlink: https://huntr.com/bounties/8203d721-e05f-4500-a5bc-c0bec980420c

Source: security@huntr.dev

Resource:

Exploit

Hyperlink: https://huntr.com/bounties/8203d721-e05f-4500-a5bc-c0bec980420c

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Resource:

Exploit

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History