| Title | composiohq composio <=v0.5.8(latest) arbitrary file read |
|---|---|
| Description | Because the requested path is not checked, information on this machine can be read. If the user starts the Composio Server service with root permissions, it may be possible to read sensitive files such as /root/.ssh/id_rsa, which is used for SSH key-based authentication, potentially allowing keyless login to the server. The vulnerability lies in the composio\server\api.py file, where no restriction is placed on the path() function. |
| Source | https://rumbling-slice-eb0.notion.site/There-is-an-arbitrary-file-read-vulnerability-at-api-download-in-composiohq-composio-f0ec1ec26a5f434a97bb1ffde435a35b?pvs=4 |
| User | aftersnow (UID 71336) |
| Submission | 09/05/2024 14:33 |
| Moderation | 09/14/2024 07:56 (9 days later) |
| Status | Accepted |
| VulDB Entry | 277502 [composiohq composio up to 0.5.8 composio\server\api.py path File path traversal] |
| Points | 17 |
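
The description says the download handler places no restriction on the requested path. The check below is an added example of the containment test such a handler needs; it is not Composio's code or its fix. `resolve_download`, `PathNotAllowed`, the `served` directory and the sample files are all hypothetical names constructed for the demonstration.

```python
import tempfile
from pathlib import Path


class PathNotAllowed(Exception):
    """Raised when a requested file falls outside the served directory."""


def resolve_download(base_dir: Path, requested: str) -> Path:
    """Return the real path of `requested` only if it stays inside base_dir."""
    base = base_dir.resolve(strict=True)
    # Joining with an absolute `requested` discards `base`, and ".." or a
    # symlink can climb out of it, so resolve first and compare afterwards.
    candidate = (base / requested).resolve(strict=False)
    if base not in candidate.parents:
        raise PathNotAllowed(requested)
    if not candidate.is_file():
        raise FileNotFoundError(requested)
    return candidate


def demo() -> dict:
    """Run constructed requests against a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        served = root / "served"
        served.mkdir()
        (served / "report.txt").write_text("ok")
        (root / "secret.key").write_text("constructed secret")  # outside served/
        (served / "link").symlink_to(root / "secret.key")       # escapes via symlink
        requests = [("plain", "report.txt"), ("dotdot", "../secret.key"),
                    ("absolute", str(root / "secret.key")),
                    ("symlink", "link"), ("missing", "missing.txt")]
        for label, req in requests:
            try:
                resolve_download(served, req)
                results[label] = "served"
            except PathNotAllowed:
                results[label] = "rejected"
            except FileNotFoundError:
                results[label] = "not found"
    return results


if __name__ == "__main__":
    print(demo())
```

Running the service as an unprivileged user, rather than root as in the scenario the description gives, limits what any remaining read primitive can reach.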