CVE-2024-8954

NONE EPSS 52.5%
Published Mar 20, 20251y ago · Modified Jun 17, 20261w ago
Find Similar
Published Mar 20, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In composiohq/composio version 0.5.10, the API does not validate the `x-api-key` header's value during the authentication step. This vulnerability allows an attacker to bypass authentication by providing any random value in the `x-api-key` header, thereby gaining unauthorized access to the server.

Threat Intelligence

EPSS Exploit Probability
52.5% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-304

Affected Products 1

VendorProductVersionRange
composiocomposio0.5.10any

References 1

  • huntr.com https://huntr.com/bounties/f1e0fdce-00d7-4261-a466-923062800b12
    ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.