CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-8953: Unsafe eval usage in composiohq/composio

7.2 CVSS

Description

In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval() function.

Classification

CVE ID: CVE-2024-8953

CVSS Base Severity: HIGH

CVSS Base Score: 7.2

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-627 Dynamic Variable Evaluation

Affected Products

Vendor: composiohq

Product: composiohq/composio

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.09% (probability of being exploited)

EPSS Percentile: 27.08% (scored less or equal to compared to others)

EPSS Date: 2025-04-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-8953
https://huntr.com/bounties/8203d721-e05f-4500-a5bc-c0bec980420c

Timeline

2025-03-20 11:40:43 UTC
CVE

Unsafe eval usage in composiohq/composio