Lucene search
K

4559 matches found

OSV
OSV
added 2025/03/20 12:32 p.m.5 views

GHSA-J9RW-QM5F-R8XM AgentScope path traversal vulnerability in save-workflow

A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of...

9.1CVSS6.7AI score0.0091EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.13 views

AgentScope path traversal vulnerability in save-workflow

A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of...

9.1CVSS6.5AI score0.0091EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/03/20 10:15 a.m.13 views

CVE-2025-0508

A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This...

5.9CVSS7.1AI score
Exploits0References2
NVD
NVD
added 2025/03/20 10:15 a.m.22 views

CVE-2025-0508

A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This...

5.9CVSS0.00247EPSS
Exploits0References2
OSV
OSV
added 2025/03/20 10:15 a.m.11 views

CVE-2024-9096

In lunary-ai/lunary version 1.4.28, the /checklists/:id route allows low-privilege users to modify checklists by sending a PATCH request. The route lacks proper access control, such as middleware to ensure that only authorized users e.g., project owners or admins can modify checklist data. This...

7.1CVSS6.9AI score0.0048EPSS
Exploits1References2
NVD
NVD
added 2025/03/20 10:15 a.m.5 views

CVE-2024-8537

A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files from the filesystem. This issue arises due to improper input validation, enabling t...

9.1CVSS0.00953EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.12 views

CVE-2024-8156

A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input github.head.ref is used insecurely, allowing an attacker to inject arbitrary commands. This vulnerability affects versions up to and including the latest version...

9.8CVSS0.01666EPSS
Exploits1References2
OSV
OSV
added 2025/03/20 10:15 a.m.10 views

CVE-2024-8156

A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input github.head.ref is used insecurely, allowing an attacker to inject arbitrary commands. This vulnerability affects versions up to and including the latest version...

9.8CVSS7.5AI score
Exploits0References2
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.35 views

CVE-2025-0508 MD5 Hash Collision in SageMaker Workflow in aws/sagemaker-python-sdk

A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This...

5.9CVSS0.00247EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/20 10:11 a.m.7 views

CVE-2025-0508 MD5 Hash Collision in SageMaker Workflow in aws/sagemaker-python-sdk

A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This...

5.9CVSS5.7AI score0.00247EPSS
Exploits0References2
CVE
CVE
added 2025/03/20 10:11 a.m.57 views

CVE-2025-0508

CVE-2025-0508 affects the SageMaker Workflow component in aws/sagemaker-python-sdk, with MD5 hash collisions across all versions leading to potential workflow replacements and integrity issues in pipelines. The issue is documented across multiple feeds (including Red Hat, OSV, circl, and CVE list...

5.9CVSS5.8AI score0.00247EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.21 views

CVE-2024-8156 Command Injection in significant-gravitas/autogpt

A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input github.head.ref is used insecurely, allowing an attacker to inject arbitrary commands. This vulnerability affects versions up to and including the latest version...

8.8CVSS0.01666EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.7 views

CVE-2024-8156 Command Injection in significant-gravitas/autogpt

A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input github.head.ref is used insecurely, allowing an attacker to inject arbitrary commands. This vulnerability affects versions up to and including the latest version...

8.8CVSS8.8AI score0.01666EPSS
Exploits1References2
CVE
CVE
added 2025/03/20 10:9 a.m.49 views

CVE-2024-8156

CVE-2024-8156 describes a command injection in the workflow-checker.yml of significant-gravitas/autogpt. The vulnerability arises from insecure use of untrusted input github.head.ref, allowing an attacker to inject arbitrary commands. Affected: significant-gravitas/autogpt, all versions up to the...

9.8CVSS8.8AI score0.01666EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.2 views

AutoGPT 安全漏洞

AutoGPT is a tool from AutoGPT Open Source. It is used to enable everyone to use and build accessible AI. AutoGPT suffers from a security vulnerability that stems from the presence of command injection in the workflow-checker.yml workflow, which allows an attacker to inject arbitrary commands by...

9.8CVSS9AI score0.01666EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.3 views

PT-2025-12221 · Significant Gravitas · Autogpt

Name of the Vulnerable Software and Affected Versions: significant-gravitas/autogpt versions up to and including the latest version Description: A command injection issue exists due to the insecure use of untrusted user input github.head.ref in the workflow-checker.yml workflow. This allows an...

9.8CVSS8.9AI score0.01666EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.7 views

PT-2025-12236

Name of the Vulnerable Software and Affected Versions modelscope/agentscope versions prior to the fix Description A path traversal vulnerability exists in the save-workflow and load-workflow functionality. This vulnerability allows an attacker to read and write arbitrary JSON files on the...

9.1CVSS7.5AI score0.0091EPSS
Exploits1References10
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.3 views

AgentScope 安全漏洞

AgentScope is a ModelScope open source application. Build LLM-based multi-intelligence applications more simply. AgentScope has a security vulnerability that stems from the existence of path traversal in the save-workflow and load-workflow functions, which allows an attacker to read and write...

9.1CVSS9AI score0.0091EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.3 views

AgentScope 安全漏洞

AgentScope is a ModelScope open source application. Build LLM-based multi-intelligence applications more simply. A security vulnerability exists in AgentScope that stems from the presence of path traversal in the /delete-workflow endpoint, which allows an attacker to delete arbitrary files in the...

9.1CVSS9AI score0.00953EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.6 views

sagemaker-python-sdk 安全漏洞

sagemaker-python-sdk is an Amazon Web Services open source library for training and deploying machine learning models on Amazon SageMaker. A security vulnerability exists in sagemaker-python-sdk that stems from an MD5 hash collision in the SageMaker Workflow component that could result in workflo...

5.9CVSS5.7AI score0.00247EPSS
Exploits0References2
Rows per page
Query Builder