CVE-2024-8551
CRITICAL
modelscope/agentscope < - Path Traversal
Title source: llm
Description
A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of sensitive information such as configuration files, API keys, and hardcoded passwords.
Scores
CVSS v3
9.1
EPSS
0.0024
EPSS Percentile
46.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Classification
CWE
CWE-23
Status
published
Affected Products (2)
modelscope/agentscope
pypi/agentscope
PyPI
Timeline
Published
Mar 20, 2025
Tracked Since
Feb 18, 2026