High severity 8.8 · NVD Advisory · Published Mar 20, 2025 · Updated Apr 15, 2026
CVE-2024-8489
Description
A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery (CSRF) due to overly permissive CORS headers. This issue affects the latest commit on the main branch (21161fe). The vulnerability permits an attacker to access all backend endpoints, including the api/file endpoint, enabling the reading of arbitrary files on the target's local file system through CSRF.
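The cross-origin read described above, modelled as an added example (not AgentScope Studio code, and not part of the advisory): a wildcard CORS policy beside an exact-match origin allowlist, with a small model of the browser's CORS check. The advisory does not say which headers the server sent, so the wildcard form, the function names, the port and the sample origins are all assumptions.

```python
# Added example with hypothetical names; the real AgentScope Studio code is not shown on the page.
ALLOWED_ORIGINS = frozenset({"http://127.0.0.1:5000", "http://localhost:5000"})  # assumed UI origins


def permissive_cors(origin):
    """Weak policy (assumed form): any origin may read responses."""
    return {"Access-Control-Allow-Origin": "*"}


def allowlist_cors(origin, allowed=ALLOWED_ORIGINS):
    """Hardened policy: echo the Origin only on an exact allowlist match."""
    if origin is not None and origin in allowed:
        # Vary: Origin stops caches from replaying one origin's grant to another.
        return {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    return {}  # no CORS headers, so the browser blocks the cross-origin read


def browser_allows_read(origin, headers, credentialed=False):
    """Model of the browser's CORS check on a cross-origin response."""
    acao = headers.get("Access-Control-Allow-Origin")
    if acao is None:
        return False
    if credentialed:
        # A wildcard is never accepted for credentialed requests.
        return acao == origin and headers.get("Access-Control-Allow-Credentials") == "true"
    return acao == "*" or acao == origin


def audit(policy, origins):
    """Return the origins whose scripts could read a response under `policy`."""
    return [o for o in origins if browser_allows_read(o, policy(o))]


# Constructed sample origins: the local UI, an unrelated site, a look-alike
# host that would pass a prefix check, and the opaque "null" origin.
SAMPLE_ORIGINS = [
    "http://localhost:5000",
    "https://other-site.example",
    "http://localhost:5000.other-site.example",
    "null",
]

if __name__ == "__main__":
    print("permissive:", audit(permissive_cors, SAMPLE_ORIGINS))
    print("allowlist: ", audit(allowlist_cors, SAMPLE_ORIGINS))
```

Under the wildcard policy every sample origin can read the response body, which is what turns a forged request to a file-serving endpoint into a file disclosure; the allowlist leaves only the local UI origin.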
Affected products
- (no CPE)
- (no CPE), range: =21161fe