CRITICAL🇵🇱 Wersja polska

CVE-2024-8537

CVSS 9.1v3.0pub. 2025-03-20upd. 2025-08-01

A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files from the filesystem. This issue arises due to improper input validation, enabling the attacker to manipulate file paths and delete sensitive files outside of the intended directory.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
  • Modelscope Agentscope

    APP
    Modelscope
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2024-8487CRITICAL9.8PL ✓ten sam produkt

Błędna konfiguracja CORS w Modelscope AgentScope umożliwia nieautoryzowany dostęp do API

CVE-2024-8551CRITICAL9.1PL ✓ten sam produkt

Path traversal w AgentScope umożliwia odczyt i zapis plików JSON

CVE-2024-48050CRITICAL9.8PL ✓ten sam produkt

RCE przez niezabezpieczone eval() w Modelscope AgentScope

CVE-2024-8524HIGH7.5ten sam produkt

A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit thi...

CVE-2024-8438HIGH7.5ten sam produkt

A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint `/api/file` d...