CVE-2024-53526

Description

composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the handle_tool_calls function.

How to fix CVE-2024-53526

To remediate CVE-2024-53526, upgrade the affected package to a fixed version below.

• PyPI/composio-claude—upgrade to 0.6.9 or later
• PyPI/composio-julep—upgrade to 0.6.9 or later
• —upgrade to 0.6.9 or later

Is CVE-2024-53526 being exploited?

Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

• >= 0.5.40, < 0.6.9
• >= 0.5.40, < 0.6.9
• >= 0.5.40, < 0.6.9

CVSS scores

References (8)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2024-53526
• PATCHgithub.com/ComposioHQ/composio
• WEBgithub.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/claude/composio_claude/toolset.py#L156
• WEBgithub.com