Modelscope Agentscope Directory Traversal Vulnerability Allowing Local JSON File Read

Vulnerability

A directory traversal vulnerability has been identified in Modelscope Agentscope version 0.0.4. This vulnerability allows an attacker to read any local JSON file by sending a crafted POST request to the /read-examples endpoint.

Impact

Exploitation of this vulnerability allows for unauthorized reading of local JSON files, which could lead to exposure of sensitive information.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Modelscope Agentscope Directory Traversal Vulnerability Allowing Local JSON File Read

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating