CVE-2024-8954 Information

Description

In composiohq/composio version 0.5.10 the API does not validate the x-api-key header’s value during the authentication step. This vulnerability allows an attacker to bypass authentication by providing any random value in the x-api-key header thereby gaining unauthorized access to the server.

Reference

https://huntr.com/bounties/f1e0fdce-00d7-4261-a466-923062800b12