Modelscope Agentscope Local File Inclusion Vulnerability in Load-Workflow Endpoint

Vulnerability

A local file inclusion (LFI) vulnerability has been identified in the Modelscope Agentscope application, specifically in version 0.0.4. The issue arises in the '/load-workflow' endpoint, where improper sanitization of user input allows attackers to manipulate the filename parameter and read arbitrary files from the server. Because the filename is passed to the os.path.join function without validation, the resulting path can point outside the intended directory, which exposes sensitive files such as those containing API keys.

Impact

Exploitation of this vulnerability allows for the reading of any JSON file on the system, including files that contain sensitive API keys for language model services.

Reproduction

To reproduce this vulnerability, send a POST request to the '/load-workflow' endpoint with a JSON payload that includes an absolute path to a JSON file on the server. The request must be made while the application is running and accessible, such as through a local server. The response will include the contents of the specified JSON file, demonstrating the successful exploitation of the local file inclusion vulnerability.
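The path handling behind this issue, next to a confined alternative, as an added example that is not Agentscope's own code. The function names, the "workflows" directory and the sample file names are assumptions made for illustration.

```python
import os
import tempfile


def naive_resolve(base_dir, filename):
    # Pattern described in the advisory: user input joined straight onto a base.
    # os.path.join discards base_dir entirely when filename is an absolute path.
    return os.path.join(base_dir, filename)


def safe_resolve(base_dir, filename):
    """Return a path for filename confined to base_dir, or raise ValueError."""
    if not isinstance(filename, str) or not filename or "\x00" in filename:
        raise ValueError("invalid filename")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." segments and resolves symlinks before the check.
    candidate = os.path.realpath(os.path.join(base, filename))
    # commonpath compares whole path components, so "/srv/workflows-old"
    # is not mistaken for a child of "/srv/workflows".
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes the workflow directory")
    if not candidate.endswith(".json"):
        raise ValueError("only .json workflow files are allowed")
    return candidate


def demo():
    """Run both resolvers over constructed sample inputs and report outcomes."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "workflows")       # hypothetical workflow dir
        os.mkdir(base)
        outside = os.path.join(root, "secrets.json")  # constructed sample path
        results = {"naive_follows_absolute": naive_resolve(base, outside) == outside}
        expected = os.path.join(os.path.realpath(base), "flow.json")
        results["safe_plain_name"] = safe_resolve(base, "flow.json") == expected
        samples = (("absolute", outside), ("dotdot", "../secrets.json"),
                   ("wrong_ext", "notes.txt"))
        for label, name in samples:
            try:
                safe_resolve(base, name)
                results[label] = "allowed"
            except ValueError:
                results[label] = "rejected"
        return results


if __name__ == "__main__":
    print(demo())
```
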

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.