CVE-2024-53526 Information
Jan 09, 2025
cve
Description
composio >=0.5.40 is vulnerable to Command Execution in composio_openai composio_claude and composio_julep via the handle_tool_calls function.
Reference
https://github.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/claude/composio_claude/toolset.py#L156 https://github.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/julep/composio_julep/toolset.py#L21 https://github.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/openai/composio_openai/toolset.py#L184 https://github.com/ComposioHQ/composio/issues/1073
Share on: