CVE-2024-8537

Name of the Vulnerable Software and Affected Versions modelscope/agentscope versions all

Description The issue is related to a path traversal problem in the application. It is present in the "/delete-workflow" endpoint, which allows an attacker to delete arbitrary files from the filesystem. This problem arises due to improper input validation, enabling the attacker to manipulate file paths and delete sensitive files outside of the intended directory.

Recommendations For all versions, consider disabling access to the "/delete-workflow" endpoint until a proper fix is applied, and ensure proper input validation is implemented to prevent path manipulation. Restrict access to sensitive files and directories to minimize the risk of exploitation.