ModelScope AgentScope Path Traversal Vulnerability Allowing Arbitrary File Read and Write

Vulnerability

A path traversal vulnerability has been identified in the save-workflow and load-workflow functionalities of ModelScope AgentScope, affecting versions prior to the fix. This vulnerability enables an attacker to read and write arbitrary JSON files on the filesystem, which could lead to the exposure or modification of sensitive information such as configuration files, API keys, and hardcoded passwords.

Impact

Exploitation of this vulnerability could result in unauthorized access to or modification of sensitive information, including configuration files, API keys, and hardcoded passwords.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ModelScope AgentScope Path Traversal Vulnerability Allowing Arbitrary File Read and Write

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating