CVE-2024-53526
composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the handle_tool_calls function.
| Software | From | Fixed in |
|---|---|---|
composio-claude
|
0.5.40 | 0.6.9 |
|
composio-openai
|
0.5.40 | 0.6.9 |
|
composio-julep
|
0.5.40 | 0.6.9 |
| composio / composio | 0.5.40 | 0.5.40.x |
- https://github.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/claude/composio_claude/toolset.py#L156
- https://github.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/julep/composio_julep/toolset.py#L21
- https://github.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/openai/composio_openai/toolset.py#L184
- https://github.com/ComposioHQ/composio/commit/f496f7fa776335ae7825cad2991c9b38923271fc
- https://github.com/ComposioHQ/composio/issues/1073
- https://github.com/ComposioHQ/composio/pull/1107
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime