cvelist/2024/8xxx/CVE-2024-8958.json

87 lines
2.9 KiB
JSON
Raw Normal View History

2024-09-17 20:00:34 +00:00
{
2025-03-20 11:01:02 +00:00
"data_version": "4.0",
2024-09-17 20:00:34 +00:00
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-8958",
2025-03-20 11:01:02 +00:00
"ASSIGNER": "security@huntr.com",
"STATE": "PUBLIC"
2024-09-17 20:00:34 +00:00
},
"description": {
"description_data": [
{
"lang": "eng",
2025-03-20 11:01:02 +00:00
"value": "In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths, an attacker can read and write files anywhere on the server, potentially leading to privilege escalation or remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "composiohq",
"product": {
"product_data": [
{
"product_name": "composiohq/composio",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "latest"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.com/bounties/e152b094-0593-428e-b813-068d2390ce68",
"refsource": "MISC",
"name": "https://huntr.com/bounties/e152b094-0593-428e-b813-068d2390ce68"
}
]
},
"source": {
"advisory": "e152b094-0593-428e-b813-068d2390ce68",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"version": "3.0",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH"
2024-09-17 20:00:34 +00:00
}
]
}
}