CRITICAL🇵🇱 Wersja polska

CVE-2024-8551

CVSS 9.1v3.1pub. 2025-03-20upd. 2025-08-01

A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of sensitive information such as configuration files, API keys, and hardcoded passwords.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Modelscope Agentscope

    APP
    Modelscope
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2024-8487CRITICAL9.8PL ✓ten sam produkt

Błędna konfiguracja CORS w Modelscope AgentScope umożliwia nieautoryzowany dostęp do API

CVE-2024-8537CRITICAL9.1PL ✓ten sam produkt

Path traversal umożliwiający usunięcie dowolnych plików w AgentScope

CVE-2024-48050CRITICAL9.8PL ✓ten sam produkt

RCE przez niezabezpieczone eval() w Modelscope AgentScope

CVE-2024-8524HIGH7.5ten sam produkt

A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit thi...

CVE-2024-8438HIGH7.5ten sam produkt

A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint `/api/file` d...