ГлавнаяУязвимости → CVE-2024-8953
9.8критическая

CVE-2024-8953

Описание

In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval() function.

Затрагиваемое ПО
Composio Composio
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://huntr.com/bounties/8203d721-e05f-4500-a5bc-c0bec980420chttps://huntr.com/bounties/8203d721-e05f-4500-a5bc-c0bec980420c