174 matches found
EUVD-2025-5038
Malicious code in bioql PyPI...
EUVD-2025-6907
Malicious code in bioql PyPI...
EUVD-2025-6894
Malicious code in bioql PyPI...
CVE-2024-48050
In agentscope =v0.0.4, the file agentscope\web\workstation\workflowutils.py has the function iscallableexpression. Within this function, the line result = evals poses a security risk as it can directly execute user-provided commands...
Remote Code Execution (RCE)
agentscope is vulnerable to Remote code execution RCE. The vulnerability is due to improper handling of serialized input, which is deserialized using dill.loads without validation, allowing execution of arbitrary commands...
Origin Validation Error
AgentScope is vulnerable to Origin Validation Error. The vulnerability is due to improper access control due to the server not properly restricting access to trusted origins, allowing any external domain to make API requests, leading to unauthorized data access and potential exploitation...
Directory Traversal
agentscope is vulnerable to Directory Traversal. The vulnerability is due to improper validation of user-supplied file paths in the /read-examples endpoint, allowing attackers to traverse directories and access arbitrary JSON files...
Path Traversal
agentscope is vulnerable to Path traversal. The vulnerability is due to improper input validation in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files outside the intended directory...
CVE-2024-8556
A stored cross-site scripting XSS vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. The vulnerability occurs in the view for inspecting detailed run information, where a user-controllable string run ID is appended and rendered as HTML. This allows ...
CVE-2024-8438
A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint /api/file does not properly sanitize the path parameter, allowing an attacker to read arbitrary files on the server...
CVE-2024-8551
A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of...
CVE-2024-8524
A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint...
CVE-2024-8487
A Cross-Origin Resource Sharing CORS vulnerability exists in modelscope/agentscope version v0.0.4. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can lead to unauthorized dat...
CVE-2024-8489
A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery CSRF due to overly permissive CORS headers. This issue affects the latest commit on the main branch 21161fe. The vulnerability permits an attacker to access all...
Directory Traversal
Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Directory Traversal through the path parameter due to improper input sanitization. An attacker can read arbitrary files on the server by manipulating the input to...
tashan-scispark (>=1.0.1 <=1.0.8) potentially affected by CVE-2024-8537 via agentscope (=0.1.0)
agentscope PYPI version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on agentscope and may be impacted: - tashan-scispark =1.0.1, =1.0.8 Source cves: CVE-2024-8537 Source advisory: SNYK:PYTHON-AGENTSCOPE-9511367...
tashan-scispark (>=1.0.1 <=1.0.8) potentially affected by CVE-2024-8537 via agentscope (=0.1.0)
agentscope PYPI version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on agentscope and may be impacted: - tashan-scispark =1.0.1, =1.0.8 Source cves: CVE-2024-8537 Source advisory: OSV:GHSA-C4CC-W454-4634...
Directory Traversal
Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Directory Traversal via the downloadfile method. An attacker can access sensitive information, including configuration files and credentials, by exploiting this...
Deserialization of Untrusted Data
Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the AgentServerServicer.createagent method. An attacker can execute arbitrary commands on the server by deserializing untrust...
Relative Path Traversal
Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Relative Path Traversal through the save-workflow functionality. An attacker can write arbitrary JSON files on the filesystem by exploiting this vulnerability. PoC...