4 matches found
CVE-2024-48050
creationtimestamp | type | source
---|---|---
2024-11-05 01:19:04+00:00 | seen | https://t.me/cvedetector/9794...
tashan-scispark (>=1.0.1 <=1.0.8) potentially affected by CVE-2024-48050 via agentscope (=0.1.0)
agentscope PYPI version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on agentscope and may be impacted:
- tashan-scispark =1.0.1, =1.0.8

Source cves: CVE-2024-48050
Source advisory: OSV:GHSA-6P55-QR3J-MPGQ...
CVE-2024-48050
In agentscope =v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_callable_expression. Within this function, the line result = eval(s) poses a security risk as it can directly execute user-provided commands...
CVE-2024-48050
In agentscope =v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_callable_expression. Within this function, the line result = eval(s) poses a security risk as it can directly execute user-provided commands...