CVE-2024-8438: AgentScope Path Traversal in /api/file
(updated )
A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint /api/file does not properly sanitize the path parameter, allowing an attacker to read arbitrary files on the server.
References
- github.com/advisories/GHSA-f4hc-q562-cc5r
- github.com/modelscope/agentscope/blob/af8e45ded37b3834c981473b309239e0102473d0/src/agentscope/studio/_app.py
- github.com/pypa/advisory-database/tree/main/vulns/agentscope/PYSEC-2025-80.yaml
- huntr.com/bounties/3f170c58-42ee-422d-ab6f-32c7aa05b974
- nvd.nist.gov/vuln/detail/CVE-2024-8438
Code Behaviors & Features
Detect and mitigate CVE-2024-8438 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →