CVE-2024-8551 – agentscope
Package
Manager: pip
Name: agentscope
Vulnerable Version: >=0 <=0.1.1
Severity
Level: Critical
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00104 (percentile 0.28995)
Details
AgentScope path traversal vulnerability in save-workflow
A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of sensitive information such as configuration files, API keys, and hardcoded passwords.
Metadata
Created: 2025-03-20T12:32:48Z
Modified: 2025-03-20T20:52:49Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-j9rw-qm5f-r8xm/GHSA-j9rw-qm5f-r8xm.json
CWE IDs: ["CWE-22", "CWE-23"]
Alternative ID: GHSA-j9rw-qm5f-r8xm
Finding: F063
Auto approve: 1