Home

Description

A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of sensitive information such as configuration files, API keys, and hardcoded passwords.

PUBLISHED Reserved 2024-09-06 | Published 2025-03-20 | Updated 2025-10-15 | Assigner @huntr_ai




CRITICAL: 9.1CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Problem types

CWE-23 Relative Path Traversal

Product status

Any version
affected

References

huntr.com/bounties/e0c0c294-f1e2-4f2c-a632-a9be9fd06989

cve.org (CVE-2024-8551)

nvd.nist.gov (CVE-2024-8551)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.