CVE-2024-8551

CRITICAL

modelscope/agentscope < - Path Traversal

Title source: llm

Description

A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of sensitive information such as configuration files, API keys, and hardcoded passwords.

References (1)

[Exploit, Third Party Advisory] https://huntr.com/bounties/e0c0c294-f1e2-4f2c-a632-a9be9fd06989

Scores

CVSS v3 9.1

EPSS 0.0030

EPSS Percentile 53.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-23

Status published

Products (2)

modelscope/agentscope

pypi/agentscope 0PyPI

Published Mar 20, 2025

Tracked Since Feb 18, 2026