CVE-2024-8438

Published: 2025-03-20T10:15Z

Last Modified: 2025-03-20T10:15Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint `/api/file` does not properly sanitize the `path` parameter, allowing an attacker to read arbitrary files on the server. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt