CVE-2024-8955
HIGHComposio 0.4.4 BrowserTool Actions - Server-Side Request Forgery File Read
Title source: manualDescription
A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allows an attacker to read the contents of any file in the system by exploiting the BROWSERTOOL_GOTO_PAGE and BROWSERTOOL_GET_PAGE_DETAILS actions.
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://huntr.com/bounties/13bc0399-2d9b-449e-95f2-6e9a7e39383d
Scores
CVSS v3
7.5
EPSS
0.0014
EPSS Percentile
34.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (2)
composio/composio
0.4.4
pypi/composio-core
0PyPI
Published
Mar 20, 2025
Tracked Since
Feb 18, 2026