Vulnerability Details CVE-2024-8438
A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint `/api/file` does not properly sanitize the `path` parameter, allowing an attacker to read arbitrary files on the server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.2%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2024-8438
-
cpe:2.3:a:modelscope:agentscope:0.0.4