Описание
AgentScope directory traversal vulnerability in /read-examples
A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint.
Пакеты
Наименование
agentscope
pip
Затронутые версииВерсия исправления
<= 0.0.4
Отсутствует
Связанные уязвимости
CVSS3: 7.5
nvd
11 месяцев назад
A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint.