Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
There is no fixed version for composio-core.
composio-core is a core package that acts as a bridge between the Composio platform and other services.
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the /api/actions/execute/WEBTOOL_SCRAPE_WEBSITE_CONTENT endpoint. An attacker with high privileges can read files, access AWS metadata, and interact with local services on the system by sending crafted requests to the affected endpoint.