PT-2025-12249 · Composio · Composio

Published: 2025-03-20 · Updated: 2025-03-20 · CVE-2024-8952

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: composiohq/composio version v0.4.2

Description: A Server-Side Request Forgery (SSRF) issue exists in the "/api/actions/execute/WEBTOOL SCRAPE WEBSITE CONTENT" endpoint. It allows an attacker to read files, access AWS metadata, and interact with local services on the system.

Recommendations: For version v0.4.2, consider disabling access to the "/api/actions/execute/WEBTOOL SCRAPE WEBSITE CONTENT" endpoint until a patch is available. Restrict interactions with local services and limit access to AWS metadata to minimize the risk of exploitation.
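An added example, not Composio's own code, of the kind of target check a scraping tool can run before fetching to enforce the recommendation above: it rejects non-HTTP schemes, loopback, private, link-local and IPv4-mapped addresses, and the AWS metadata endpoint. The function names, the injectable resolver and the sample URLs are assumptions.

```python
"""Added example (not Composio's code): URL guard for a scrape tool."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# AWS metadata endpoint in its IPv4 and IPv6 forms (assumed list).
METADATA_ADDRESSES = {"169.254.169.254", "fd00:ec2::254"}


def resolve_host(host):
    """Resolve a hostname to all of its A/AAAA addresses via real DNS.
    getaddrinfo also normalises odd literals such as '127.1' or
    '2130706433', so those end up checked as 127.0.0.1."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def address_is_blocked(addr):
    """True if addr points at the metadata service or any non-public range."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:169.254.169.254 -> 169.254.169.254
    return (
        str(ip) in METADATA_ADDRESSES
        or ip.is_private or ip.is_loopback or ip.is_link_local
        or ip.is_multicast or ip.is_reserved or ip.is_unspecified
    )


def check_scrape_target(url, resolver=resolve_host):
    """Return (allowed, reason, addresses) for a user-supplied URL."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed", []
    host = parts.hostname
    if not host:
        return False, "missing host", []
    try:
        addresses = [str(ipaddress.ip_address(host))]  # IP literal
    except ValueError:
        try:
            addresses = resolver(host)
        except socket.gaierror:
            return False, "host does not resolve", []
    if not addresses:
        return False, "host does not resolve", []
    blocked = [a for a in addresses if address_is_blocked(a)]
    if blocked:
        return False, f"resolves to blocked address {blocked[0]}", addresses
    return True, "ok", addresses
```

A pre-fetch check alone leaves a window for DNS rebinding, so the HTTP client should connect to one of the returned vetted addresses and re-run the check on every redirect.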

Exploit

Fix

SSRF


Weakness Enumeration

Related Identifiers

CVE-2024-8952
GHSA-QVG9-VP87-H3HR

Affected Products

Composio