3 matches found
tashan-scispark (>=1.0.1 <=1.0.8) potentially affected by CVE-2024-8551 via agentscope (=0.1.0)
agentscope PYPI version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on agentscope and may be impacted: - tashan-scispark =1.0.1, =1.0.8 Source cves: CVE-2024-8551 Source advisory: OSV:GHSA-J9RW-QM5F-R8XM...
CVE-2024-8551
creationtimestamp| type| source ---|---|--- 2025-03-20 11:40:43+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3lksmhsu3in2u...
CVE-2024-8551
A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of...