Lucene search: Modelscope Agentscope

9 matches found

added 2025/02/10 6:50 p.m., 89 views

CVE-2024-8550

CVE-2024-8550 affects modelscope/agentscope v0.0.4, exposing a Local File Inclusion (LFI) via the /load-workflow endpoint. Root cause: improper sanitization of the filename parameter passed to os.path.join allows traversal outside the intended directory, enabling an attacker to read arbitrary ser...

CVSS 7.5, AI score 7.4, EPSS 0.00277
Web

added 2025/03/20 10:9 a.m., 78 views

CVE-2024-8438

Summary: CVE-2024-8438 describes a path traversal in modelscope/agentscope v0.0.4 where the /api/file endpoint does not sanitize the path parameter, enabling reading arbitrary server files. The underlying impact is information disclosure with a high severity (CVSS3/7.5) but no exploitation detail...

CVSS 7.5, AI score 7.5, EPSS 0.0039
Web

added 2025/03/20 10:10 a.m., 77 views

CVE-2024-8551

CVE-2024-8551: A path traversal vulnerability affects modelscope/agentscope in the save-workflow and load-workflow functionality, present in versions prior to the fix. An attacker can read and write arbitrary JSON files on the filesystem, potentially exposing or modifying sensitive data (config ...

CVSS 9.1, AI score 9, EPSS 0.00297
Web

added 2025/03/20 10:11 a.m., 73 views

CVE-2024-8487

AgentScope (modelscope/agentscope) v0.0.4 has a CORS misconfiguration that does not restrict access to trusted origins, enabling requests from any external domain. This can lead to unauthorized data access and information disclosure. Some sources note PoC availability and state there is no fixed ...

CVSS 9.8, AI score 7.2, EPSS 0.00258

added 2025/03/20 10:11 a.m., 53 views

CVE-2024-8556

CVE-2024-8556 affects modelscope/agentscope with a stored XSS in the run-details view where a user-controllable run ID is appended and rendered as HTML, enabling arbitrary JavaScript in the victim’s browser. The issue is tied to dashboard.js rendering logic; PoC in Snyk shows a crafted run_id, co...

CVSS 6.1, AI score 5.9, EPSS 0.00167

added 2025/03/20 10:11 a.m., 51 views

CVE-2024-8524

CVE-2024-8524 concerns modelscope/agentscope v0.0.4, where a directory traversal vulnerability allows an attacker to read arbitrary local JSON files via a crafted POST to the /read-examples endpoint. Affected component: agentscope (Python package) in the modelscope project; vulnerability arises f...

CVSS 7.5, AI score 7.3, EPSS 0.00926
Web

added 2024/11/04 12:0 a.m., 50 views

CVE-2024-48050

CVE-2024-48050 affects AgentScope

CVSS 9.8, AI score 7, EPSS 0.00188

added 2025/03/20 10:8 a.m., 48 views

CVE-2024-8501

Summary: CVE-2024-8501 affects the modelscope/agentscope project, specifically the rpc_agent_client component in version v0.0.4. The vulnerability permits an attacker to leverage the download_file method to download arbitrary files from the rpc_agent host. Impact: This can lead to unauthorized ...

CVSS 8.8, AI score 7.7, EPSS 0.00517

added 2025/03/20 10:11 a.m., 48 views

CVE-2024-8537

CVE-2024-8537 describes a path traversal vulnerability in modelscope/agentscope affecting the /delete-workflow endpoint, enabling an attacker to delete arbitrary files due to improper input validation. The issue is reported across multiple feeds (Veracode, Snyk, GHSA/OSV/CVE listings) with PoC-li...

CVSS 9.1, AI score 9.2, EPSS 0.00506
Web