PT-2025-12229 · Unknown · Modelscope/Agentscope

Published 2025-03-20 · Updated 2025-03-21 · CVE-2024-8438

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

modelscope/agentscope version v.0.0.4

Description

A path traversal issue exists, allowing an attacker to read arbitrary files on the server due to improper sanitization of the path parameter in the /api/file API endpoint.

Recommendations

For modelscope/agentscope version v.0.0.4, consider restricting access to the /api/file API endpoint until a patch is available, and ensure proper sanitization of the path parameter to prevent path traversal attacks.
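
One way to implement the path check that the recommendation calls for, as an added example that is not AgentScope's code or its fix. The allowed directory (`base_dir`) and the names `resolve_inside`, `PathRejected` and `demo` are assumptions, and the files and requests are constructed.

```python
import os
import tempfile
from pathlib import Path


class PathRejected(ValueError):
    """The requested path is not a regular file inside the allowed directory."""


def resolve_inside(base_dir, requested):
    """Map an untrusted `path` value to a real file under base_dir, or raise."""
    if not requested or "\x00" in requested:
        raise PathRejected("empty path or embedded NUL byte")
    base = Path(base_dir).resolve(strict=True)
    # resolve() collapses ".." and follows symlinks. An absolute `requested`
    # replaces `base` in the join, so the containment test must come after it.
    candidate = (base / requested).resolve(strict=False)
    if base not in candidate.parents:
        raise PathRejected(f"{requested!r} resolves outside {base}")
    if not candidate.is_file():
        raise PathRejected(f"{requested!r} is not a regular file")
    return candidate


def demo():
    """Run constructed requests against a constructed directory tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        served = root / "served"  # hypothetical directory the endpoint may serve
        served.mkdir()
        (served / "run.log").write_text("ok")
        (root / "secret.txt").write_text("outside the allowed directory")
        os.symlink(root / "secret.txt", served / "link.txt")
        cases = {
            "plain": "run.log",
            "normalized": "sub/../run.log",
            "dotdot": "../secret.txt",
            "absolute": str(root / "secret.txt"),
            "symlink": "link.txt",
            "nul": "run.log\x00.txt",
        }
        verdicts = {}
        for label, requested in cases.items():
            try:
                resolve_inside(served, requested)
                verdicts[label] = "allowed"
            except PathRejected:
                verdicts[label] = "rejected"
        return verdicts
```

`demo()` returns one verdict per constructed request. The check compares resolved paths rather than filtering `..` from the string, which is why the absolute and symlink cases are rejected as well.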

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2024-8438
GHSA-F4HC-Q562-CC5R
PYSEC-2025-80

Affected Products

Modelscope/Agentscope