High severity · NVD Advisory · Published Mar 20, 2025 · Updated Mar 20, 2025
Unsafe eval usage in composiohq/composio
CVE-2024-8953
Description
In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval() function.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| composio-core (PyPI) | < 0.5.43 | 0.5.43 |
Affected products
- Range: unspecified
References
- github.com/advisories/GHSA-5xg7-5662-8x7j (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-8953 (ghsa, ADVISORY)
- github.com/ComposioHQ/composio/blob/b932d99e67f0fe95f8a0a24be9352e3f99059bc3/python/composio/tools/local/mathematical/actions/calculator.py (ghsa, WEB)
- github.com/ComposioHQ/composio/commit/ed82fb45dc9fbd7f07c535c72bada871c158ae5f (ghsa, WEB)
- huntr.com/bounties/8203d721-e05f-4500-a5bc-c0bec980420c (ghsa, WEB)