CVE-2024-8958 Information

Description

In composiohq/composio version 0.4.3 there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths an attacker can read and write files anywhere on the server potentially leading to privilege escalation or remote code execution.

Reference

https://huntr.com/bounties/e152b094-0593-428e-b813-068d2390ce68 https://huntr.com/bounties/e152b094-0593-428e-b813-068d2390ce68