Vulnerabilities > CVE-2024-8952 - Unspecified vulnerability in Composio 0.4.2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

composio

NVD

Published: 2025-03-20

Updated: 2025-04-01

Summary

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOL_SCRAPE_WEBSITE_CONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system.

Vulnerable Configurations

Part	Description	Count
Application	Composio Composio Composio 0.4.2	1

References

https://huntr.com/bounties/d1acdd38-10d7-45df-9df0-9fc71f0e1c2a
https://huntr.com/bounties/d1acdd38-10d7-45df-9df0-9fc71f0e1c2a