CVE-2024-8438
published 2025-03-20
Priority: P3 50 | high | 7.5 CVSS 3.0
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.71% (49.0th percentile)
A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint `/api/file` does not properly sanitize the `path` parameter, allowing an attacker to read arbitrary files on the server.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| modelscope | agentscope | — | — |
| modelscope | agentscope | 0 – 0.0.4 | — |
| modelscope | modelscope_agentscope | unspecified – latest | — |
GHSA
AgentScope Path Traversal in /api/file
ghsa·2025-03-20
CVE-2024-8438 [HIGH] CWE-22 AgentScope Path Traversal in /api/file
OSV
AgentScope Path Traversal in /api/file
osv·2025-03-20
CVE-2024-8438 [HIGH] AgentScope Path Traversal in /api/file
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-03-20
Published