Every CVE whose affected-product data names Modelscope Agentscope, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2024-8487 — CVSS 9.8 (critical): A Cross-Origin Resource Sharing (CORS) vulnerability exists in modelscope/agentscope version v0.0.4. The CORS configuration on the…
CVE-2024-48050 — CVSS 9.8 (critical): In agentscope <=v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_callable_expression. Within this…
CVE-2024-8537 — CVSS 9.1 (critical): A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the…
CVE-2024-8551 — CVSS 9.1 (critical): A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the…
CVE-2024-8501 — CVSS 8.8 (high): An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4. This…
CVE-2024-8524 — CVSS 7.5 (high): A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any…
CVE-2024-8438 — CVSS 7.5 (high): A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint `/api/file` does not properly sanitize the…
CVE-2024-8550 — CVSS 7.5 (high): A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This…
CVE-2024-8556 — CVSS 6.1 (medium): A stored cross-site scripting (XSS) vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. The…