VYPR
Unrated severityNVD Advisory· Published Mar 20, 2025· Updated Oct 15, 2025

Authentication Bypass in composiohq/composio

CVE-2024-8954

Description

In composiohq/composio version 0.5.10, the API does not validate the x-api-key header's value during the authentication step. This vulnerability allows an attacker to bypass authentication by providing any random value in the x-api-key header, thereby gaining unauthorized access to the server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Composiohq/Composiollm-fuzzy2 versions
    = 0.5.10+ 1 more
    • (no CPE)range: = 0.5.10
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.