CVE-2024-8438

High CVSS: 7.5

A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint `/api/file` does not properly sanitize the `path` parameter, allowing an attacker to read arbitrary files on the server.

Vendor

Modelscope

Product

Agentscope

CWE

CWE-22

Yayın Tarihi

2025-03-20 10:15:42

Güncelleme

2025-08-01 01:49:54

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-22 Agentscope HIGH Modelscope 2025

Referanslar

https://huntr.com/bounties/3f170c58-42ee-422d-ab6f-32c7aa05b974

Benzer Kayıtlar

Critical

CVE-2024-8551

A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope vers…

Medium

CVE-2024-8556

A stored cross-site scripting (XSS) vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on th…

Critical

CVE-2024-8487

A Cross-Origin Resource Sharing (CORS) vulnerability exists in modelscope/agentscope version v0.0.4. The CORS configurat…

High

CVE-2024-8501

An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.…

High

CVE-2024-8524

A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerab…

Critical

CVE-2024-8537

A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerabilit…