CVE-2024-8865
CVSS 3.1 Score 3.5 of 10 (low)
Details
Summary
CVE-2024-8865 is a path traversal vulnerability affecting composiohq composio versions up to 0.5.8, located in the function "path" of the file composio/server/api.py. Manipulating the argument "file" leads to path traversal, potentially allowing unauthorized access to files within the server's directory structure. The exploit has been publicly disclosed. The issue is rated low severity, with a CVSS base score of 3.5: exploitation requires low privileges and no user interaction. To remediate this vulnerability, users should update to a patched version of composio if one is available; however, as of now, the vendor has not responded regarding the issue. The potential impact is a partial loss of confidentiality, as attackers with adjacent network access could access sensitive files.