Vulnerabilities > CVE-2024-8524 - Unspecified vulnerability in Modelscope Agentscope 0.0.4

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

modelscope

NVD

Published: 2025-03-20

Updated: 2025-04-01

Summary

A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint.

Vulnerable Configurations

Part	Description	Count
Application	Modelscope Modelscope Agentscope 0.0.4	1

References

https://huntr.com/bounties/cc4acf33-700d-4220-8a8a-db28f5c4cc8f
https://huntr.com/bounties/cc4acf33-700d-4220-8a8a-db28f5c4cc8f