Cross-Site Request Forgery Vulnerability in AgentScope Studio by Modelscope
CVE-2024-8489
What is CVE-2024-8489?
A Cross-Site Request Forgery vulnerability has been identified in the backend of Modelscope's AgentScope Studio. This vulnerability arises from overly permissive Cross-Origin Resource Sharing (CORS) headers, allowing unauthorized access to sensitive backend endpoints. An attacker can exploit this flaw to execute requests against the backend, such as the api/file endpoint, potentially reading arbitrary files from the target's local file system. This situation poses significant risks to user privacy and data integrity, making immediate remediation critical.
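
The contrast between the permissive CORS behaviour described above and an exact-match origin allowlist, with a small audit that probes a policy using untrusted origins. This is an added example, not AgentScope Studio code; the function names, the allowlisted origins and port 5000 are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the UI is served only from these local origins (constructed values).
ALLOWED_ORIGINS = frozenset({"http://127.0.0.1:5000", "http://localhost:5000"})


def permissive_cors_headers(origin):
    """Weak pattern: every site is told it may read the backend's responses."""
    return {"Access-Control-Allow-Origin": "*"}


def strict_cors_headers(origin, allowed=ALLOWED_ORIGINS):
    """Echo the Origin only on an exact allowlist match; otherwise send no CORS headers."""
    if origin is None:
        return {}
    parts = urlsplit(origin)
    normalized = f"{parts.scheme}://{parts.netloc}".lower()
    # Reject anything that is not a bare scheme://host:port or is not allowlisted.
    if normalized != origin.lower() or normalized not in allowed:
        return {}
    # Vary stops shared caches from replaying one origin's response to another.
    return {"Access-Control-Allow-Origin": normalized, "Vary": "Origin"}


def reject_request(origin, allowed=ALLOWED_ORIGINS):
    """Server-side check: refuse requests that carry a non-allowlisted Origin header."""
    return origin is not None and strict_cors_headers(origin, allowed) == {}


def audit_cors(policy, probe_origins=("https://untrusted.example", "null")):
    """Return findings for a header-building policy probed with foreign origins."""
    findings = []
    for origin in probe_origins:
        acao = policy(origin).get("Access-Control-Allow-Origin")
        if acao == "*":
            findings.append(f"{origin}: wildcard origin allowed")
        elif acao is not None and acao.lower() == origin.lower():
            findings.append(f"{origin}: untrusted origin reflected")
    return findings


if __name__ == "__main__":
    print("permissive:", audit_cors(permissive_cors_headers))
    print("strict:    ", audit_cors(strict_cors_headers))
```

CORS headers only govern whether a page may read the response; `reject_request` covers the request itself, which the browser still sends regardless of the headers returned.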

Affected Version(s)
modelscope/agentscope <= unspecified
