Vulnerability Details CVE-2024-53526
composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the handle_tool_calls function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.4%
CVSS Severity
CVSS v3 Score 6.4
References
- https://github.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/claude/composio_claude/toolset.py#L156
- https://github.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/julep/composio_julep/toolset.py#L21
- https://github.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/openai/composio_openai/toolset.py#L184
- https://github.com/ComposioHQ/composio/issues/1073
Products affected by CVE-2024-53526
-
cpe:2.3:a:composio:composio:0.5.40
-
cpe:2.3:a:composio:composio:0.5.41
-
cpe:2.3:a:composio:composio:0.5.42
-
cpe:2.3:a:composio:composio:0.5.43
-
cpe:2.3:a:composio:composio:0.5.44
-
cpe:2.3:a:composio:composio:0.5.45
-
cpe:2.3:a:composio:composio:0.5.46
-
cpe:2.3:a:composio:composio:0.5.47
-
cpe:2.3:a:composio:composio:0.5.48
-
cpe:2.3:a:composio:composio:0.5.49
-
cpe:2.3:a:composio:composio:0.5.50
-
cpe:2.3:a:composio:composio:0.5.51
-
cpe:2.3:a:composio:composio:0.6.0
-
cpe:2.3:a:composio:composio:0.6.1
-
cpe:2.3:a:composio:composio:0.6.10
-
cpe:2.3:a:composio:composio:0.6.2
-
cpe:2.3:a:composio:composio:0.6.3
-
cpe:2.3:a:composio:composio:0.6.4
-
cpe:2.3:a:composio:composio:0.6.5
-
cpe:2.3:a:composio:composio:0.6.6
-
cpe:2.3:a:composio:composio:0.6.7
-
cpe:2.3:a:composio:composio:0.6.8
-
cpe:2.3:a:composio:composio:0.6.9