In agentscope <=v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_callable_expression. Within this function, the line result = eval(s) poses a security risk as it can directly execute user-provided commands.
The is_callable_expression function in the workstation module of AgentScope's web application contains a call to result = eval(s), where s originates from the user. The absence of any validation or sandboxing means that any expression passed as input is interpreted and executed by the Python interpreter with the privileges of the server process. The attack requires no authentication, and the vector is network-based, making the vulnerability trivial to exploit remotely.
An attacker can remotely execute arbitrary code on the server without requiring any permissions, leading to complete system compromise, data exfiltration, and potential lateral movement within the internal network.
AgentScope should be updated to a version higher than v0.0.4, in which the unsecured eval() call has been removed. If an update is not immediately possible, network access to the AgentScope workstation web interface should be blocked at the firewall level and the application should not be deployed in publicly accessible environments.
Modelscope AgentScope in versions <= v0.0.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HModelscope Agentscope
APPModelscope≤ 0.0.4
Related vulnerabilities
Błędna konfiguracja CORS w Modelscope AgentScope umożliwia nieautoryzowany dostęp do API
Path traversal umożliwiający usunięcie dowolnych plików w AgentScope
Path traversal w AgentScope umożliwia odczyt i zapis plików JSON
A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint `/api/file` d...
An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope ver...