CVE-2024-8865

Name of the Vulnerable Software and Affected Versions: composiohq composio versions up to 0.5.8

Description: A vulnerability was found in composiohq composio, classified as problematic. The issue affects the function path of the file composioserverapi.py. The manipulation of the file argument leads to path traversal. The vendor was contacted about this disclosure but did not respond. Elevated activities targeting this issue have been observed.

Recommendations: For versions up to 0.5.8, as a temporary workaround, consider restricting access to the vulnerable function path in the composioserverapi.py file until a patch is available. Avoid using the file argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.