Home > Vulnerability Database > CVE-2024-8551

Mend.io Vulnerability Database

CVE-2024-8551

Good to know:

Date: March 20, 2025

A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of sensitive information such as configuration files, API keys, and hardcoded passwords.

Severity Score

9.1

Related Resources (5)

Url: https://huntr.com/bounties/e0c0c294-f1e2-4f2c-a632-a9be9fd06989

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-8551

Url: https://github.com/modelscope/agentscope

Url: https://github.com/modelscope/agentscope/blob/01530ee6a99c86426aab1be11ec3b3b86ca640ac/src/agentscope/studio/_app.py#L680

Url: https://www.mend.io/vulnerability-database/CVE-2024-8551

Severity Score

9.1

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Relative Path Traversal

CWE-23

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-8551

Good to know:

Date: March 20, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?