Directory Traversal Vulnerability in ModelScope AgentScope by ModelScope
CVE-2024-8524

7.5HIGH

Key Information:

Vendor: Modelscope
Status: Modelscope/agentscope
Vendor: CVE Published:; 20 March 2025

What is CVE-2024-8524?

A directory traversal vulnerability in ModelScope's AgentScope version 0.0.4 allows attackers to gain unauthorized access to local JSON files. By sending a specially crafted POST request to the /read-examples endpoint, an attacker can exploit this vulnerability, potentially exposing sensitive information stored in JSON format. This flaw underscores the importance of secure coding practices and thorough input validation to prevent unauthorized file access.

Affected Version(s)

modelscope/agentscope <= unspecified

References

https://huntr.com/bounties/cc4acf33-700d-4220-8a8a-db28f5...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2025
Vulnerability Reserved
Sep 6, 2024

CVE-2024-8524 Data

JSON

Modelscope

What is CVE-2024-8524?

Affected Version(s)

References

CVSS V3.1

CVSS V3.0

Timeline