2 matches found
CVE-2024-8550
A Local File Inclusion LFI vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue aris...
CVE-2024-8550
CVE-2024-8550 affects modelscope/agentscope v0.0.4, exposing a Local File Inclusion (LFI) via the /load-workflow endpoint. Root cause: improper sanitization of the filename parameter passed to os.path.join allows traversal outside the intended directory, enabling an attacker to read arbitrary ser...