CVE-2024-8524

High CVSS: 7.5

A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint.

Vendor

Modelscope

Product

Agentscope

CWE

CWE-22

Yayın Tarihi

2025-03-20 10:15:42

Güncelleme

2025-10-15 13:15:54

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-22 Agentscope HIGH Modelscope 2025

Referanslar

https://huntr.com/bounties/cc4acf33-700d-4220-8a8a-db28f5c4cc8f https://huntr.com/bounties/cc4acf33-700d-4220-8a8a-db28f5c4cc8f

Benzer Kayıtlar

Critical

CVE-2024-8551

A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope vers…

Medium

CVE-2024-8556

A stored cross-site scripting (XSS) vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on th…

High

CVE-2024-8438

A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint `/api/file` does not pr…

Critical

CVE-2024-8487

A Cross-Origin Resource Sharing (CORS) vulnerability exists in modelscope/agentscope version v0.0.4. The CORS configurat…

High

CVE-2024-8501

An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.…

Critical

CVE-2024-8537

A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerabilit…