151 matches found

Vulnrichment
added 2025/03/20 10:11 a.m. | 5 views

CVE-2024-8524 Directory Traversal in modelscope/agentscope

A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint...

CVSS 7.5 | AI score 7.3 | EPSS 0.00926
Exploits: 1 | References: 1

Cvelist
added 2025/03/20 10:11 a.m. | 10 views

CVE-2024-8524 Directory Traversal in modelscope/agentscope

A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint...

CVSS 7.5 | EPSS 0.00926
Exploits: 1 | References: 1

CVE
added 2025/03/20 10:11 a.m. | 50 views

CVE-2024-8524

CVE-2024-8524 concerns modelscope/agentscope v0.0.4, where a directory traversal vulnerability allows an attacker to read arbitrary local JSON files via a crafted POST to the /read-examples endpoint. Affected component: agentscope (Python package) in the modelscope project; vulnerability arises f...

CVSS 7.5 | AI score 7.3 | EPSS 0.00926
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2025/03/20 10:11 a.m. | 7 views

CVE-2024-8537 Path Traversal in modelscope/agentscope

A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files from the filesystem. This issue arises due to improper input validation, enabling t...

CVSS 9.1 | EPSS 0.00506
Exploits: 1 | References: 1

CVE
added 2025/03/20 10:11 a.m. | 47 views

CVE-2024-8537

CVE-2024-8537 describes a path traversal vulnerability in modelscope/agentscope affecting the /delete-workflow endpoint, enabling an attacker to delete arbitrary files due to improper input validation. The issue is reported across multiple feeds (Veracode, Snyk, GHSA/OSV/CVE listings) with PoC-li...

CVSS 9.1 | AI score 9.2 | EPSS 0.00506
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/03/20 10:11 a.m. | 3 views

CVE-2024-8537 Path Traversal in modelscope/agentscope

A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files from the filesystem. This issue arises due to improper input validation, enabling t...

CVSS 9.1 | AI score 9.2 | EPSS 0.00506
Exploits: 1 | References: 1

Vulnrichment
added 2025/03/20 10:10 a.m. | 3 views

CVE-2024-8551 Path Traversal in modelscope/agentscope

A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of...

CVSS 9.1 | AI score 9 | EPSS 0.00297
Exploits: 1 | References: 1

Cvelist
added 2025/03/20 10:10 a.m. | 9 views

CVE-2024-8551 Path Traversal in modelscope/agentscope

A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of...

CVSS 9.1 | EPSS 0.00297
Exploits: 1 | References: 1

CVE
added 2025/03/20 10:10 a.m. | 76 views

CVE-2024-8551

CVE-2024-8551: A path traversal vulnerability affects modelscope/agentscope in the save-workflow and load-workflow functionality, present in versions prior to the fix. An attacker can read and write arbitrary JSON files on the filesystem, potentially exposing or modifying sensitive data (config ...

CVSS 9.1 | AI score 9 | EPSS 0.00297
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2025/03/20 10:09 a.m. | 76 views

CVE-2024-8438

Summary: CVE-2024-8438 describes a path traversal in modelscope/agentscope v0.0.4 where the /api/file endpoint does not sanitize the path parameter, enabling reading arbitrary server files. The underlying impact is information disclosure with a high severity (CVSS3/7.5) but no exploitation detail...

CVSS 7.5 | AI score 7.5 | EPSS 0.0039
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2025/03/20 10:09 a.m. | 7 views

CVE-2024-8438 Path Traversal in modelscope/agentscope

A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint /api/file does not properly sanitize the path parameter, allowing an attacker to read arbitrary files on the server...

CVSS 7.5 | EPSS 0.0039
Exploits: 1 | References: 1

Vulnrichment
added 2025/03/20 10:09 a.m. | 8 views

CVE-2024-8438 Path Traversal in modelscope/agentscope

A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint /api/file does not properly sanitize the path parameter, allowing an attacker to read arbitrary files on the server...

CVSS 7.5 | AI score 7.5 | EPSS 0.0039
Exploits: 1 | References: 1

Vulnrichment
added 2025/03/20 10:09 a.m. | 4 views

CVE-2024-8502 Remote Code Execution via Deserialization in modelscope/agentscope

A vulnerability in the RpcAgentServerLauncher class of modelscope/agentscope v0.0.6a3 allows for remote code execution (RCE) via deserialization of untrusted data using the dill library. The issue occurs in the AgentServerServicer.create_agent method, where serialized input is deserialized using...

CVSS 9.8 | AI score 10 | EPSS 0.0074
Exploits: 0 | References: 1

Cvelist
added 2025/03/20 10:09 a.m. | 6 views

CVE-2024-8502 Remote Code Execution via Deserialization in modelscope/agentscope

A vulnerability in the RpcAgentServerLauncher class of modelscope/agentscope v0.0.6a3 allows for remote code execution (RCE) via deserialization of untrusted data using the dill library. The issue occurs in the AgentServerServicer.create_agent method, where serialized input is deserialized using...

CVSS 9.8 | EPSS 0.0074
Exploits: 0 | References: 1

CVE
added 2025/03/20 10:09 a.m. | 38 views

CVE-2024-8502

CVE-2024-8502 affects modelscope/agentscope (v0.0.6a3). The RpcAgentServerLauncher.AgentServerServicer.create_agent path deserializes untrusted input with dill.loads, enabling remote code execution. Impact is described as arbitrary command execution on the server; CVE is reported across multiple...

CVSS 9.8 | AI score 10 | EPSS 0.0074
Exploits: 0 | References: 1

Vulnrichment
added 2025/03/20 10:09 a.m. | 3 views

CVE-2024-8489 CSRF due to overly permissive CORS headers in modelscope/agentscope

A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery (CSRF) due to overly permissive CORS headers. This issue affects the latest commit on the main branch (21161fe). The vulnerability permits an attacker to access all...

CVSS 8.8 | AI score 8.6 | EPSS 0.00116
Exploits: 0 | References: 1

Cvelist
added 2025/03/20 10:09 a.m. | 10 views

CVE-2024-8489 CSRF due to overly permissive CORS headers in modelscope/agentscope

A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery (CSRF) due to overly permissive CORS headers. This issue affects the latest commit on the main branch (21161fe). The vulnerability permits an attacker to access all...

CVSS 8.8 | EPSS 0.00116
Exploits: 0 | References: 1

Vulnrichment
added 2025/03/20 10:08 a.m. | 4 views

CVE-2024-8501 Arbitrary File Download in modelscope/agentscope

An arbitrary file download vulnerability exists in the rpcagentclient component of modelscope/agentscope version v0.0.4. This vulnerability allows any user to download any file from the rpcagent's host by exploiting the downloadfile method. This can lead to unauthorized access to sensitive...

CVSS 7.5 | AI score 7.7 | EPSS 0.00517
Exploits: 1 | References: 1

Cvelist
added 2025/03/20 10:08 a.m. | 10 views

CVE-2024-8501 Arbitrary File Download in modelscope/agentscope

An arbitrary file download vulnerability exists in the rpcagentclient component of modelscope/agentscope version v0.0.4. This vulnerability allows any user to download any file from the rpcagent's host by exploiting the downloadfile method. This can lead to unauthorized access to sensitive...

CVSS 7.5 | EPSS 0.00517
Exploits: 1 | References: 1

CNNVD
added 2025/03/20 12:00 a.m. | 2 views

AgentScope security vulnerability

AgentScope is an open-source ModelScope application for building LLM-based multi-agent applications more simply. A security vulnerability exists in AgentScope version v0.0.4 that stems from a CORS configuration that does not properly restrict access, allowing any external domain to make requests ...

CVSS 9.8 | AI score 7.1 | EPSS 0.00258
Exploits: 1 | References: 1