CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-53526: composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the handle_tool_calls function.

Description

composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the handle_tool_calls function.

Classification

CVE ID: CVE-2024-53526

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.83% (scored less or equal to compared to others)

EPSS Date: 2025-02-06 (when was this score calculated)

References

https://github.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/openai/composio_openai/toolset.py#L184
https://github.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/claude/composio_claude/toolset.py#L156
https://github.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/julep/composio_julep/toolset.py#L21
https://github.com/ComposioHQ/composio/issues/1073

Timeline