CVE-2024-8864

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Sep 15, 2024
Updated: Sep 17, 2024
CWE ID 94

Summary

CVE-2024-8864 is a critical code injection vulnerability in composiohq composio versions up to 0.5.6, located in the Calculator function of the file calculator.py. Exploitation can have significant integrity and confidentiality impact, and there is potential for high availability impact as well, posing a high risk to organizations using the affected products, including ys6oDn and ys6oDl among others. The vulnerability has been publicly disclosed and can be exploited with low complexity over a network without user interaction. Remediation should involve updating to a patched version of composio; the vendor has not responded to disclosure attempts. Organizations are advised to assess their exposure and implement the necessary security measures promptly.
