Vulnerabilities > CVE-2024-8958 - Unspecified vulnerability in Composio 0.4.3

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

composio

critical

NVD

Published: 2025-03-20

Updated: 2025-04-01

Summary

In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths, an attacker can read and write files anywhere on the server, potentially leading to privilege escalation or remote code execution.

Vulnerable Configurations

Part	Description	Count
Application	Composio Composio Composio 0.4.3	1

References

https://huntr.com/bounties/e152b094-0593-428e-b813-068d2390ce68
https://huntr.com/bounties/e152b094-0593-428e-b813-068d2390ce68