📦 Agentscope

This CVE describes a Cross-Origin Resource Sharing (CORS) misconfiguration in modelscope/agentscope v0.0.4 that allows any external domain to make requests to the API. This vulnerability enables unaut...

A path traversal vulnerability in modelscope/agentscope's /delete-workflow endpoint allows attackers to delete arbitrary files from the filesystem by manipulating file paths. This affects all versions...

This vulnerability allows unauthenticated remote code execution in agentscope workflow utilities. Attackers can execute arbitrary commands through the eval() function in is_callable_expression. All us...

A path traversal vulnerability in modelscope/agentscope v0.0.4 allows attackers to read arbitrary files on the server by manipulating the 'path' parameter in the /api/file endpoint. This affects all d...

This vulnerability allows any user to download arbitrary files from the rpc_agent's host system by exploiting the download_file method in modelscope/agentscope. This can lead to unauthorized access to...

A stored cross-site scripting (XSS) vulnerability in modelscope/agentscope allows attackers to inject malicious JavaScript via user-controllable run IDs. This code executes in victims' browsers when t...