CVE-2024-8864

5.5 MEDIUM

📋 TL;DR

This critical vulnerability in composiohq composio allows remote code execution through code injection in the Calculator function. Attackers can execute arbitrary Python code on affected systems. All users running composio versions up to 0.5.6 are affected.

💻 Affected Systems

Products:
  • composiohq composio
Versions: up to 0.5.6
Operating Systems: All platforms running Python
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the mathematical calculator tool functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise allowing attackers to execute arbitrary commands, steal data, install malware, or pivot to other systems.

🟠 Likely Case

Unauthorized code execution leading to data theft, system manipulation, or service disruption.

🟢 If Mitigated

Limited impact if proper input validation and sandboxing are implemented, potentially preventing code execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly disclosed and the vulnerability is easy to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to any version above 0.5.6 if available, or implement workarounds.

🔧 Temporary Workarounds

Disable vulnerable calculator tool (platforms: all)

Remove or disable the vulnerable calculator.py file to prevent exploitation:

mv python/composio/tools/local/mathematical/actions/calculator.py calculator.py.bak

Implement input validation (platforms: all)

Add strict input validation to sanitize user input before processing

🧯 If You Can't Patch

  • Restrict network access to composio services
  • Implement strict input validation and sanitization for all user inputs

🔍 How to Verify

Check if Vulnerable:

Check the installed composio version; any version up to 0.5.6 is affected:

pip show composio | grep Version

Verify Fix Applied:

Verify calculator.py file is removed or modified with proper input validation

📡 Detection & Monitoring

Log Indicators:

  • Unusual Python execution patterns
  • Suspicious calculator function calls
  • Error logs from calculator.py

Network Indicators:

  • Unexpected outbound connections from composio services
  • Suspicious payloads in HTTP requests

SIEM Query:

source="composio" AND (event="calculator" OR event="python_exec")
