CVE-2024-8537 – agentscope
Package
Manager: pip
Name: agentscope
Vulnerable Version: >=0 <=0.1.1
Severity
Level: Critical
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00371 (percentile: 0.58073)
Details
AgentScope path traversal vulnerability

A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files from the filesystem. This issue arises due to improper input validation, enabling the attacker to manipulate file paths and delete sensitive files outside of the intended directory.
Metadata
Created: 2025-03-20T12:32:48Z
Modified: 2025-03-20T20:51:49Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-c4cc-w454-4634/GHSA-c4cc-w454-4634.json
CWE IDs: ["CWE-22", "CWE-29"]
Alternative ID: GHSA-c4cc-w454-4634
Finding: F063
Auto approve: 1