High severityNVD Advisory· Published Mar 20, 2025· Updated Oct 15, 2025
Directory Traversal in modelscope/agentscope
CVE-2024-8524
Description
A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
agentscopePyPI | <= 0.0.4 | — |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-6v28-q95m-93qrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-8524ghsaADVISORY
- github.com/modelscope/agentscope/blob/af8e45ded37b3834c981473b309239e0102473d0/src/agentscope/studio/_app.pyghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/agentscope/PYSEC-2025-83.yamlghsaWEB
- huntr.com/bounties/cc4acf33-700d-4220-8a8a-db28f5c4cc8fghsaWEB
News mentions
0No linked articles in our index yet.