A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files from the filesystem. This issue arises due to improper input validation, enabling the attacker to manipulate file paths and delete sensitive files outside of the intended directory.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HModelscope Agentscope
APPModelscopewszystkie wersje
Related vulnerabilities
Błędna konfiguracja CORS w Modelscope AgentScope umożliwia nieautoryzowany dostęp do API
Path traversal w AgentScope umożliwia odczyt i zapis plików JSON
RCE przez niezabezpieczone eval() w Modelscope AgentScope
A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit thi...
A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint `/api/file` d...