Expected Behavior Violation

Overview sagemaker is an Open source library for training and deploying models on Amazon SageMaker. Affected versions of this package are vulnerable to Expected Behavior Violation via to the utilities.py component. An attacker can cause integrity problems within the pipeline, potentially leading ...

GHSA-6P55-QR3J-MPGQ AgentScope uses `eval`

In agentscope =v0.0.4, the file agentscope\web\workstation\workflowutils.py has the function iscallableexpression. Within this function, the line result = evals poses a security risk as it can directly execute user-provided commands...

CVE-2024-48050

In agentscope =v0.0.4, the file agentscope\web\workstation\workflowutils.py has the function iscallableexpression. Within this function, the line result = evals poses a security risk as it can directly execute user-provided commands...

PYSEC-2024-262

In agentscope =v0.0.4, the file agentscope\web\workstation\workflowutils.py has the function iscallableexpression. Within this function, the line result = evals poses a security risk as it can directly execute user-provided commands...