PT-2025-12234 · Unknown · Modelscope/Agentscope

Published: 2025-03-20 · Updated: 2025-03-20 · CVE-2024-8524

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

modelscope/agentscope version 0.0.4

Description

A directory traversal issue exists, allowing an attacker to read any local JSON file by sending a crafted POST request to the "/read-examples" endpoint. This enables the attacker to access sensitive information.

Recommendations

For modelscope/agentscope version 0.0.4, as a temporary workaround, consider restricting access to the "/read-examples" endpoint until a patch is available. Avoid using this endpoint with untrusted input to minimize the risk of exploitation.
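A containment check of the kind that keeps a JSON-reading handler inside its examples directory, as an added example. It is not agentscope's code or its patch: `read_example`, `TraversalError` and the directory layout are assumptions made for illustration.

```python
import json
import tempfile
from pathlib import Path


class TraversalError(ValueError):
    """Requested path resolves outside the examples directory."""


def read_example(base_dir, requested):
    """Parse and return the JSON file `requested`, only if it lies under `base_dir`."""
    base = Path(base_dir).resolve()
    # resolve() collapses ".." and follows symlinks. Joining an absolute
    # `requested` discards `base`; the containment check below catches that too.
    target = (base / requested).resolve()
    if base not in target.parents:
        raise TraversalError(f"path escapes examples directory: {requested!r}")
    if target.suffix != ".json" or not target.is_file():
        raise FileNotFoundError(requested)
    with target.open(encoding="utf-8") as fh:
        return json.load(fh)


def demo():
    """Run benign and escaping names against a constructed directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        examples = Path(root) / "examples"
        examples.mkdir()
        (examples / "chat.json").write_text('{"name": "chat"}', encoding="utf-8")
        outside = Path(root) / "secret.json"  # constructed file outside examples/
        outside.write_text('{"api_key": "constructed"}', encoding="utf-8")
        cases = [
            ("benign", "chat.json"),
            ("dotdot", "../secret.json"),
            ("absolute", str(outside)),
        ]
        for label, name in cases:
            try:
                read_example(examples, name)
                results[label] = "served"
            except TraversalError:
                results[label] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```
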

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2024-8524
GHSA-6V28-Q95M-93QR
PYSEC-2025-83

Affected Products

Modelscope/Agentscope