In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval() function.
The mathematical_calculator endpoint accepts user input and passes it directly to the eval() function to perform mathematical operations. The eval() function interprets the passed string as code and executes it in the application context. An attacker can craft a malicious payload instead of a mathematical expression and thus trigger arbitrary code execution on the server side.
An attacker without any privileges can remotely execute arbitrary code on the server (RCE), which may result in complete system takeover, data theft, backdoor installation, or service disruption.
Patches available from the vendor should be applied according to the references. It is recommended to replace the eval() function with a secure library for parsing mathematical expressions and implement strict validation and sanitization of input data on the server side.
Composio version 0.4.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HComposio
APPComposio0.4.3
Related vulnerabilities
Pominięcie uwierzytelnienia w Composio przez brak walidacji nagłówka x-api-key
Composio: nieograniczony zapis/odczyt plików prowadzący do RCE
Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive informat...
A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically ...
A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.4. This vulnerab...