Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary File Download in modelscope/agentscope
Vulnerability Description
An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4. This vulnerability allows any user to download any file from the rpc_agent's host by exploiting the download_file method. This can lead to unauthorized access to sensitive information, including configuration files, credentials, and potentially system files, which may facilitate further exploitation such as privilege escalation or lateral movement within the network.
CVSS Information
N/A
Vulnerability Type
绝对路径遍历
Vulnerability Title
AgentScope 安全漏洞
Vulnerability Description
AgentScope是ModelScope开源的一个应用程序。更简单地构建基于 LLM 的多智能体应用。 AgentScope v0.0.4版本存在安全漏洞,该漏洞源于rpc_agent_client组件允许任意文件下载,攻击者可以利用download_file方法下载rpc_agent主机上的任何文件,可能导致敏感信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A