Unrestricted File Write and Read Vulnerability in Composio by ComposioHQ
CVE-2024-8958
9.8CRITICAL
What is CVE-2024-8958?
In version 0.4.3 of Composio, developed by ComposioHQ, a crucial vulnerability allows for unrestricted file write and read actions due to inadequate validation of file paths. This flaw enables an attacker to manipulate files on the server freely, risking unauthorized access to sensitive data and the potential for privilege escalation or remote code execution. It's essential to secure this vulnerability promptly to protect your system from exploitation.
Affected Version(s)
composiohq/composio <= unspecified
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
CVSS V3.0
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
