mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
134 lines
5.4 KiB
JSON
134 lines
5.4 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-8864",
|
|
"ASSIGNER": "cna@vuldb.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A vulnerability has been found in composiohq composio up to 0.5.6 and classified as critical. Affected by this vulnerability is the function Calculator of the file python/composio/tools/local/mathematical/actions/calculator.py. The manipulation leads to code injection. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
|
|
},
|
|
{
|
|
"lang": "deu",
|
|
"value": "In composiohq composio bis 0.5.6 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Das betrifft die Funktion Calculator der Datei python/composio/tools/local/mathematical/actions/calculator.py. Durch Manipulation mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Code Injection",
|
|
"cweId": "CWE-94"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "composiohq",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "composio",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "0.5.0"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "0.5.1"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "0.5.2"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "0.5.3"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "0.5.4"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "0.5.5"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "0.5.6"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://vuldb.com/?id.277501",
|
|
"refsource": "MISC",
|
|
"name": "https://vuldb.com/?id.277501"
|
|
},
|
|
{
|
|
"url": "https://vuldb.com/?ctiid.277501",
|
|
"refsource": "MISC",
|
|
"name": "https://vuldb.com/?ctiid.277501"
|
|
},
|
|
{
|
|
"url": "https://vuldb.com/?submit.403204",
|
|
"refsource": "MISC",
|
|
"name": "https://vuldb.com/?submit.403204"
|
|
},
|
|
{
|
|
"url": "https://rumbling-slice-eb0.notion.site/Composio-s-Local-tools-Mathematical-has-a-code-injection-risk-in-composiohq-composio-ea0e89ee10fe4edfb9a8cfeed158c765?pvs=4",
|
|
"refsource": "MISC",
|
|
"name": "https://rumbling-slice-eb0.notion.site/Composio-s-Local-tools-Mathematical-has-a-code-injection-risk-in-composiohq-composio-ea0e89ee10fe4edfb9a8cfeed158c765?pvs=4"
|
|
}
|
|
]
|
|
},
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "aftersnow (VulDB User)"
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"version": "3.1",
|
|
"baseScore": 5.5,
|
|
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
{
|
|
"version": "3.0",
|
|
"baseScore": 5.5,
|
|
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
{
|
|
"version": "2.0",
|
|
"baseScore": 5.2,
|
|
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
|
|
}
|
|
]
|
|
}
|
|
} |