150 matches found
AgentScope 安全漏洞
AgentScope is a ModelScope open source application. Build LLM-based multi-intelligence applications more simply. A security vulnerability exists in AgentScope that stems from the presence of path traversal in the /delete-workflow endpoint, which allows an attacker to delete arbitrary files in the...
CVE-2024-8550
A Local File Inclusion LFI vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue aris...
PYSEC-2025-84
A Local File Inclusion LFI vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue aris...
CVE-2024-8550
A Local File Inclusion LFI vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue aris...
CVE-2024-8550
A Local File Inclusion LFI vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue aris...
PYSEC-2025-84
A Local File Inclusion LFI vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue aris...
CVE-2024-8550 Local File Inclusion (LFI) in modelscope/agentscope
A Local File Inclusion LFI vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue aris...
CVE-2024-8550
CVE-2024-8550 affects modelscope/agentscope v0.0.4, exposing a Local File Inclusion (LFI) via the /load-workflow endpoint. Root cause: improper sanitization of the filename parameter passed to os.path.join allows traversal outside the intended directory, enabling an attacker to read arbitrary ser...
CVE-2024-8550 Local File Inclusion (LFI) in modelscope/agentscope
A Local File Inclusion LFI vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue aris...
PT-2024-39089 · Unknown · Modelscope/Agentscope
Name of the Vulnerable Software and Affected Versions: modelscope/agentscope version v0.0.4 Description: A Local File Inclusion LFI vulnerability exists in the "/load-workflow" endpoint, allowing an attacker to read arbitrary files from the server, including sensitive files such as API keys, by...