Moderate severity · NVD Advisory · Published Jan 8, 2025 · Updated Jan 31, 2025
CVE-2024-53526
Description
composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the handle_tool_calls function.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| composio-claude (PyPI) | >= 0.5.40, < 0.6.9 | 0.6.9 |
| composio-openai (PyPI) | >= 0.5.40, < 0.6.9 | 0.6.9 |
| composio-julep (PyPI) | >= 0.5.40, < 0.6.9 | 0.6.9 |
Affected products
- composio/composio (source: description)
- (no CPE) range: >= 0.5.40, < 0.6.9 (source: ghsa-coords)
- (no CPE) range: >= 0.5.40, < 0.6.9 (source: ghsa-coords)
- (no CPE) range: >= 0.5.40, < 0.6.9 (source: ghsa-coords)
References
- github.com/advisories/GHSA-8h93-28hg-fj84 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-53526 (ghsa, ADVISORY)
- github.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/claude/composio_claude/toolset.py (ghsa, WEB)
- github.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/julep/composio_julep/toolset.py (ghsa, WEB)
- github.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/openai/composio_openai/toolset.py (ghsa, WEB)
- github.com/ComposioHQ/composio/commit/f496f7fa776335ae7825cad2991c9b38923271fc (ghsa, WEB)
- github.com/ComposioHQ/composio/issues/1073 (ghsa, WEB)
- github.com/ComposioHQ/composio/pull/1107 (ghsa, WEB)