Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via the _download_file_or_dir function.
Analysis
Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via the _download_file_or_dir function.
Technical ContextAI
Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls. This vulnerability is classified as Information Exposure (CWE-200).
RemediationAI
Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.
In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform ma
In composiohq/composio version 0.5.10, the API does not validate the `x-api-key` header's value during the authenticatio
A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.4. Rated high severity (CV
A vulnerability was found in composiohq composio up to 0.5.8 and classified as problematic. Rated medium severity (CVSS
A vulnerability has been found in composiohq composio up to 0.5.6 and classified as critical. Rated medium severity (CVS
In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools action
A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /ap
composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the han
Same weakness CWE-200 – Information Exposure
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-201168
GHSA-3mwv-j45g-vp3w