High severityNVD Advisory· Published Mar 20, 2025· Updated Mar 20, 2025
Path Traversal in modelscope/agentscope
CVE-2024-8438
Description
A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint /api/file does not properly sanitize the path parameter, allowing an attacker to read arbitrary files on the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
agentscopePyPI | <= 0.0.4 | — |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-f4hc-q562-cc5rghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-8438ghsaADVISORY
- github.com/modelscope/agentscope/blob/af8e45ded37b3834c981473b309239e0102473d0/src/agentscope/studio/_app.pyghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/agentscope/PYSEC-2025-80.yamlghsaWEB
- huntr.com/bounties/3f170c58-42ee-422d-ab6f-32c7aa05b974ghsaWEB
News mentions
0No linked articles in our index yet.