Published January 8, 2025
Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| composio-claude | pip | >= 0.5.40, < 0.6.9 | 0.6.9 |
| composio-julep | pip | >= 0.5.40, < 0.6.9 | 0.6.9 |
| composio-openai | pip | >= 0.5.40, < 0.6.9 | 0.6.9 |
Severity & Risk
CVSS 3.1: 6.4 / 10
EPSS: 0.8% chance of exploitation in 30 days
KEV Status: Not in KEV
Sophistication: N/A
Recommended Action
Patch available
Update composio-claude to version 0.6.9
Update composio-julep to version 0.6.9
Update composio-openai to version 0.6.9
Technical Details
NVD Description
composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the handle_tool_calls function.
Weaknesses (CWE)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
References
- github.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/claude/composio_claude/toolset.py
- github.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/julep/composio_julep/toolset.py
- github.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/openai/composio_openai/toolset.py
- github.com/ComposioHQ/composio/commit/f496f7fa776335ae7825cad2991c9b38923271fc
- github.com/ComposioHQ/composio/issues/1073
- github.com/ComposioHQ/composio/pull/1107
- github.com/advisories/GHSA-8h93-28hg-fj84
- nvd.nist.gov/vuln/detail/CVE-2024-53526
Timeline
Published: January 8, 2025
Last Modified: January 31, 2025
First Seen: March 24, 2026