CVE-2024-8550 | modelscope agentscope up to 0.0.4 /load-workflow filename exposure of sensitive system information to an unauthorized control sphere

Inserito da Angelo Barbosa | Feb 10, 2025 | CVE

A vulnerability classified as problematic was found in modelscope agentscope up to 0.0.4. Affected by this vulnerability is an unknown functionality of the file /load-workflow. The manipulation of the argument filename leads to exposure of sensitive system information to an unauthorized control sphere.

This vulnerability is known as CVE-2024-8550. The attack can be launched remotely. There is no exploit available.

CVE-2024-8550 | modelscope agentscope up to 0.0.4 /load-workflow filename exposure of sensitive system information to an unauthorized control sphere

Post correlati

CVE-2024-40629 | JumpServer up to 3.10.11 path traversal (GHSA-3wgp-q8m7-v33v)

CVE-2024-41433 | PingCAP TiDB 8.1.0 expression.ExplainExpressionList denial of service

CVE-2024-45518 | Synacor Zimbra Collaboration Suite HTTP Request server-side request forgery

CVE-2024-47484 | Dell Avamar up to 19.10SP1 sql injection (dsa-2024-489)