ГлавнаяУязвимости → CVE-2024-8524
7.5высокая

CVE-2024-8524

Описание

A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint.

Затрагиваемое ПО
Modelscope Agentscope
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Источники
https://huntr.com/bounties/cc4acf33-700d-4220-8a8a-db28f5c4cc8fhttps://huntr.com/bounties/cc4acf33-700d-4220-8a8a-db28f5c4cc8f