3 matches found
PYSEC-2026-253 AgentScope Deserialization Vulnerability
A vulnerability in the RpcAgentServerLauncher class of modelscope/agentscope v0.0.6a3 allows for remote code execution RCE via deserialization of untrusted data using the dill library. The issue occurs in the AgentServerServicer.createagent method, where serialized input is deserialized using...
CVE-2024-8502
A vulnerability in the RpcAgentServerLauncher class of modelscope/agentscope v0.0.6a3 allows for remote code execution RCE via deserialization of untrusted data using the dill library. The issue occurs in the AgentServerServicer.createagent method, where serialized input is deserialized using...
Deserialization of Untrusted Data
Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the AgentServerServicer.createagent method. An attacker can execute arbitrary commands on the server by deserializing untrust...