CVE-2024-8524
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-8524 is a newly disclosed directory traversal vulnerability affecting modelscope/agentscope version 0.0.4. This issue allows an attacker to read any local JSON file by crafting a malicious POST request to the /read-examples endpoint, potentially exposing sensitive data. Attackers can manipulate the request's path component to traverse directories and access files outside the intended directory, which can lead to unauthorized data access. This vulnerability poses a significant risk, particularly in environments where untrusted users or data may be present. Organizations using modelscope/agentscope version 0.0.4 are urged to update to a patched version as soon as possible to mitigate the risk.
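A containment check of the kind that closes this class of bug, as an added example; it is not code from modelscope/agentscope or from its patch. The names `resolve_example_path`, `read_example`, `UnsafePathError` and the sample file layout are assumptions made for illustration.

```python
import json
import tempfile
from pathlib import Path


class UnsafePathError(ValueError):
    """Requested file is outside the allowed directory or not a JSON file."""


def resolve_example_path(base_dir, requested):
    """Return the resolved path of `requested` only if it stays inside base_dir."""
    base = Path(base_dir).resolve()
    # Joining with an absolute `requested` discards `base`, so resolve first
    # (which also follows symlinks) and then verify containment.
    candidate = (base / requested).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise UnsafePathError(f"path escapes examples directory: {requested!r}") from None
    if candidate.suffix != ".json":
        raise UnsafePathError(f"not a JSON file: {requested!r}")
    return candidate


def read_example(base_dir, requested):
    """Load a JSON example after the containment check (hypothetical handler body)."""
    path = resolve_example_path(base_dir, requested)
    with path.open(encoding="utf-8") as fh:
        return json.load(fh)


def demo():
    """Constructed layout: examples/ok.json inside, secret.json outside."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        examples = Path(root) / "examples"
        examples.mkdir()
        (examples / "ok.json").write_text('{"name": "demo"}', encoding="utf-8")
        secret = Path(root) / "secret.json"
        secret.write_text('{"api_key": "constructed"}', encoding="utf-8")
        results["inside"] = read_example(examples, "ok.json")
        for label, req in (("dotdot", "../secret.json"), ("absolute", str(secret))):
            try:
                read_example(examples, req)
                results[label] = "read"
            except UnsafePathError:
                results[label] = "blocked"
    return results
```

Checking the resolved path against the resolved base directory, rather than filtering substrings of the raw request value, is what makes the relative, absolute and symlinked cases fail the same way.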