CNNVD-202512-509 Information

CNNVD ID

CNNVD-202512-509

CVE-2025-56427

  • CNNVD Published: 2025-12-04

Description

Composio SDK is an open-source developer toolkit from Composio. Composio SDK version 0.7.20 contains a security vulnerability caused by a path traversal in the _download_file_or_dir function, which may lead to the disclosure of sensitive information.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Composio

Published

2025-12-04

Last Modified

2026-02-24

References

https://github.com/ComposioHQ/composio/blob/master/python/composio/server/api.py#L278

https://github.com/TOAST-Research/pocs/blob/main/composio/composio_1.md

Patch

https://github.com/ComposioHQ/composio/releases
