CVE-2024-8953 HIGH

CVE-2024-8953: Unsafe eval usage in composiohq/composio

Vendor: Composiohq
Product: composiohq/composio
Weakness: CWE-627
Published: March 20, 2025
Last update: March 20, 2025

CVSS base score

7.2/10
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval() function.

Key dates

02 Disclosure timeline

March 20, 2025: CVE published
March 20, 2025: Record updated