Home > Vulnerability Database > CVE-2024-8537

Mend.io Vulnerability Database

CVE-2024-8537

Good to know:

Date: March 20, 2025

A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files from the filesystem. This issue arises due to improper input validation, enabling the attacker to manipulate file paths and delete sensitive files outside of the intended directory.

Severity Score

9.1

Related Resources (7)

Url: https://huntr.com/bounties/eeb8aa4b-e6e5-465c-b0dd-aa97e3b7dc09

Url: https://github.com/modelscope/agentscope

Url: https://github.com/modelscope/agentscope/pull/459

Url: https://github.com/modelscope/agentscope/blob/01530ee6a99c86426aab1be11ec3b3b86ca640ac/src/agentscope/studio/_app.py#L743

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-8537

Url: https://github.com/modelscope/agentscope/commit/7d285e862f86fa1d96ed04c4cd40a5f1b8f9189a

Url: https://www.mend.io/vulnerability-database/CVE-2024-8537

Severity Score

9.1

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Path Traversal: '..filename'

CWE-29

Top Fix

Upgrade Version

Upgrade to version https://github.com/modelscope/agentscope.git - v0.1.2

Learn More

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-8537

Good to know:

Date: March 20, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?