Local File Inclusion Vulnerability in ModelScope AgentScope
CVE-2024-8550
Currently unrated
What is CVE-2024-8550?
A Local File Inclusion vulnerability exists in the /load-workflow endpoint of ModelScope's AgentScope version 0.0.4. This flaw permits attackers to exploit the filename parameter, allowing unauthorized access to arbitrary files on the server, including sensitive information like API keys. The vulnerability stems from insufficient sanitization of user inputs passed to the os.path.join function, creating an opportunity for file traversal attacks and exposure of critical files outside the designated directory.
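
The unsafe join pattern described above, next to a containment check that rejects traversal and absolute-path input. This is an added example, not AgentScope's code or its fix; the function names, the "workflows" directory and the sample files are assumptions constructed for the demonstration.

```python
import os
import tempfile


def unsafe_resolve(base_dir, filename):
    # Pattern named in the advisory: request input goes straight into os.path.join.
    # "../" segments survive, and an absolute filename discards base_dir entirely.
    return os.path.join(base_dir, filename)


def safe_resolve(base_dir, filename):
    # Canonicalize both paths (resolving symlinks and ".."), then require the
    # result to remain inside base_dir before any file is opened.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, filename))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("filename resolves outside the workflow directory")
    return candidate


def is_inside(base_dir, path):
    # True when path, once canonicalized, is located under base_dir.
    base = os.path.realpath(base_dir)
    return os.path.commonpath([base, os.path.realpath(path)]) == base


def demo():
    # Constructed layout: a workflow directory plus a secret file beside it.
    root = tempfile.mkdtemp()
    base = os.path.join(root, "workflows")
    os.mkdir(base)
    secret = os.path.join(root, "secret.env")
    for path in (os.path.join(base, "demo.json"), secret):
        with open(path, "w") as fh:
            fh.write("{}")
    results = {}
    for name in ("demo.json", "sub/../demo.json", "../secret.env", secret):
        escapes = not is_inside(base, unsafe_resolve(base, name))
        try:
            safe_resolve(base, name)
            verdict = "allowed"
        except ValueError:
            verdict = "rejected"
        results["<absolute path>" if name == secret else name] = (escapes, verdict)
    return results


if __name__ == "__main__":
    for name, (escapes, verdict) in demo().items():
        print(f"{name!r}: unsafe join escapes={escapes}, safe_resolve={verdict}")
```

The check runs on the canonical path, so a symlink inside the workflow directory that points elsewhere is rejected as well.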

Affected Version(s)
modelscope/agentscope <= unspecified
