CVE-2024-8954

Name of the Vulnerable Software and Affected Versions composiohq/composio version 0.5.10

Description The issue arises from the API's failure to validate the x-api-key header's value during authentication. This allows an attacker to bypass authentication by providing any random value in the x-api-key header, resulting in unauthorized access to the server.

Recommendations For composiohq/composio version 0.5.10, consider implementing proper validation of the x-api-key header to prevent unauthorized access. As a temporary workaround, restrict access to sensitive areas of the server until a patch is available.