{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T13:54:17.009","vulnerabilities":[{"cve":{"id":"CVE-2024-8958","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:45.220","lastModified":"2025-04-01T20:30:20.887","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths, an attacker can read and write files anywhere on the server, potentially leading to privilege escalation or remote code execution."},{"lang":"es","value":"En composiohq/composio versión 0.4.3, existe una vulnerabilidad de escritura y lectura de archivos sin restricciones en las acciones de filetools. Debido a la validación incorrecta de las rutas de archivo, un atacante puede leer y escribir archivos en cualquier parte del servidor, lo que podría provocar una escalada de privilegios o la ejecución remota de código."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:composio:composio:0.4.3:*:*:*:*:*:*:*","matchCriteriaId":"17A3924D-B2D4-467A-935A-CF760AA17B7D"}]}]}],"references":[{"url":"https://huntr.com/bounties/e152b094-0593-428e-b813-068d2390ce68","source":"security@huntr.dev","tags":["Exploit"]},{"url":"https://huntr.com/bounties/e152b094-0593-428e-b813-068d2390ce68","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit"]}]}}]}