PT-2024-39282 · Composiohq · Composio
Aftersnow · Published 2024-09-14 · Updated 2024-09-19 · CVE-2024-8864
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: composiohq composio versions up to 0.5.6
Description: A critical vulnerability has been found in composiohq composio, affecting the Calculator function in the file python/composio/tools/local/mathematical/actions/calculator.py. The flaw allows code injection: input passed to the Calculator action is interpreted as code rather than as an arithmetic expression. The exploit has been disclosed publicly and may be used. There have been reports of offensive activity targeting this vulnerability. The vendor was contacted about this disclosure but did not respond.
Recommendations: For versions up to 0.5.6, patch immediately and review logs for signs of exploitation (unusual expressions reaching the Calculator action, unexpected process or network activity from the host running it). As a temporary workaround, disable the Calculator function until a patch is available. Restrict access to the python/composio/tools/local/mathematical/actions/calculator.py file to minimize the risk of exploitation.

Tags: Exploit · Fix · Code Injection
Weakness Enumeration: Code Injection
Related Identifiers: CVE-2024-8864, GHSA-MRMH-3HQH-PFW7
Affected Products: Composio