VYPR
High severity · NVD Advisory · Published Mar 20, 2025 · Updated Mar 20, 2025

CORS Vulnerability in modelscope/agentscope

CVE-2024-8487

Description

A Cross-Origin Resource Sharing (CORS) vulnerability exists in modelscope/agentscope version v0.0.4. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can lead to unauthorized data access, information disclosure, and potential further exploitation, thereby compromising the integrity and confidentiality of the system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A CORS misconfiguration in AgentScope v0.0.4 allows any external domain to make API requests, leading to unauthorized data access and information disclosure.

Vulnerability Overview

A Cross-Origin Resource Sharing (CORS) misconfiguration in AgentScope version v0.0.4 allows any external domain to make requests to the API [2]. The server does not restrict access to trusted origins, which weakens the isolation the same-origin policy normally provides [2].

Exploitation

An attacker can craft a malicious webpage that, when visited by a user authenticated to the AgentScope server, sends cross-origin requests to the API. No special network position is required; the attack can be performed from any external domain [2]. The vulnerability is exposed via the server's CORS headers.

Impact

Successful exploitation could lead to unauthorized data access and information disclosure, potentially compromising the integrity and confidentiality of the system [2]. The attacker may be able to read sensitive data or perform actions on behalf of the victim.

Mitigation

The vulnerability was reported via the Huntr bug bounty platform [3]. Users of AgentScope v0.0.4 should update to a patched version or apply appropriate CORS restrictions as recommended by the project maintainers [1].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
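
The Mitigation section above refers to applying CORS restrictions. The following added example (not AgentScope code and not from the advisory) contrasts a permissive policy with an exact-match origin allowlist and includes a small check that flags the permissive one. The wildcard header is an assumed illustration of the weakness, since the page does not show the project's actual configuration; the origins and function names are constructed.

```python
from urllib.parse import urlsplit

# Assumption: trusted front-end origins for this deployment (constructed values).
TRUSTED_ORIGINS = frozenset({"https://studio.example.internal", "http://localhost:5000"})
DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_origin(origin):
    """Return canonical scheme://host[:port], or None if not a usable web origin."""
    if not origin or origin == "null":  # sandboxed iframes and file:// send "null"
        return None
    try:
        parts = urlsplit(origin)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    # A real Origin header never carries userinfo, path, query or fragment.
    if "@" in parts.netloc or parts.path or parts.query or parts.fragment:
        return None
    suffix = "" if port in (None, DEFAULT_PORTS[parts.scheme]) else f":{port}"
    return f"{parts.scheme}://{parts.hostname}{suffix}"


def permissive_cors_headers(origin):
    """Weak form (illustrative): every origin may read API responses."""
    return {"Access-Control-Allow-Origin": "*"}


def allowlist_cors_headers(origin, trusted=TRUSTED_ORIGINS):
    """Corrected form: exact-match allowlist, no wildcard, no blind reflection."""
    canon = normalize_origin(origin)
    if canon not in trusted:
        return {}  # no CORS header, so the browser blocks the cross-origin read
    # Vary: Origin keeps shared caches from serving one origin's grant to another.
    return {"Access-Control-Allow-Origin": canon, "Vary": "Origin"}


def allows_untrusted_origin(policy, probe="https://untrusted.example"):
    """Config check: does the policy grant read access to an origin we never trusted?"""
    acao = policy(probe).get("Access-Control-Allow-Origin")
    return acao in ("*", probe)
```

The same check works as a regression test against whatever function or middleware produces the real response headers: it should return False for every origin outside the allowlist.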

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| agentscope (PyPI) | <= 0.0.4 | |

Affected products

3

Patches

0

No patches discovered yet.

References

3
