@composio/core@0.13.1

  • latest version

    0.13.1

  • first published

    1 years ago

  • latest version published

    15 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the @composio/core package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    External Control of File Name or Path

    Affected versions of this package are vulnerable to External Control of File Name or Path via the readFileFromDisk function in tool-file-uploads.ts. An attacker can exfiltrate sensitive local files by prompt-injecting tool arguments that point the upload path at credential files such as ~/.ssh/id_rsa, ~/.aws/credentials, or .env. The CLI reads the chosen path and uploads its contents to attacker-controlled storage, exposing secrets and breaking the user’s ability to keep local credentials private.

    Notes

    • The CLI path is the duplicate local-file upload flow used by composio execute / composio run; the vulnerable read happens before any presigned-URL request, so the leak occurs even if the upload never completes.
    • The bypass is broader than a single filename check: the guard had to account for canonicalized paths and symlinks, so a link that resolves into a sensitive location is part of the exposed surface.

    How to fix External Control of File Name or Path?

    A fix was pushed into the master branch but not yet published.

    *