From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability Description:
   - Tool Name: Composio's Local tools Mathematical
   - Vulnerability Name: code injection risk
   - Vulnerability Location: composiohq/composio

2. Description:
   - Credit: Aftersnows@360 Vulnerability Research Institute
   - Vulnerability Details: In the Calculator class, there is no restriction on user request input, which may lead to malicious code being injected and executed within the function.

3. Code Example:

4. Attack Scenario:
   - When using an AI framework, the framework utilizes Composio's local tool MATHEMATICAL to execute mathematical expressions (such as addition, subtraction, multiplication, division, etc.).
   - Attackers can inject malicious code by inputting malicious formulas into the AI model, thereby executing arbitrary code during the AI framework's runtime and potentially gaining server privileges.
   - This is similar to common AI risks, where prompt injection can lead to command execution.

This information indicates that the vulnerability allows malicious code to be injected and executed via mathematical calculation formulas, potentially leading to privilege escalation on the server.