Note: This list may be incomplete. Data is provided without warranty in its original format.
8.8
CVE-2024-8501
- EPSS 0.18%
- Published 20.03.2025 10:08:44
- Last modified 01.04.2025 20:31:58
An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4. This vulnerability allows any user to download any file from the rpc_agent's host by exploiting the download_file method. This ...
7.5
CVE-2024-8550
- EPSS 0.28%
- Published 10.02.2025 19:15:39
- Last modified 30.07.2025 01:02:10
A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by ma...
9.8
CVE-2024-48050
- EPSS 0.19%
- Published 04.11.2024 23:15:04
- Last modified 04.09.2025 16:26:54
In agentscope <=v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_callable_expression. Within this function, the line result = eval(s) poses a security risk as it can directly execute user-provided commands.