2 matches found
CVE-2024-8502 Remote Code Execution via Deserialization in modelscope/agentscope
A vulnerability in the RpcAgentServerLauncher class of modelscope/agentscope v0.0.6a3 allows for remote code execution RCE via deserialization of untrusted data using the dill library. The issue occurs in the AgentServerServicer.createagent method, where serialized input is deserialized using...
CVE-2024-8502
CVE-2024-8502 affects modelscope/agentscope (v0.0.6a3). The RpcAgentServerLauncher.AgentServerServicer.create_agent path deserializes untrusted input with dill.loads, enabling remote code execution. Impact is described as arbitrary commands execution on the server; CVE is reported across multiple...