4 matches found
GHSA-6P55-QR3J-MPGQ AgentScope uses `eval`
In agentscope <=v0.0.4, the file `agentscope\web\workstation\workflow_utils.py` has the function `is_callable_expression`. Within this function, the line `result = eval(s)` poses a security risk as it can directly execute user-provided commands...
Eval Injection
Overview: agentscope is AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Eval Injection via the `result = eval(s)` line of the `is_callable_expression` function in the `agentscope\web\workstation\workflow_utils.py` file. An attacker can execute...
PYSEC-2024-262
In agentscope <=v0.0.4, the file `agentscope\web\workstation\workflow_utils.py` has the function `is_callable_expression`. Within this function, the line `result = eval(s)` poses a security risk as it can directly execute user-provided commands...
PT-2024-32970 · Unknown · Agentscope
Name of the Vulnerable Software and Affected Versions: agentscope versions 0.0.0 through 0.0.4. Description: The issue is related to the function `is_callable_expression` in the file `agentscope\web\workstation\workflow_utils.py`. This function contains the line `result = eval(s)`, which poses a security ris...