Vulnerability Information
Vulnerability Title
Remote Code Execution via Deserialization in modelscope/agentscope
Vulnerability Description
A vulnerability in the RpcAgentServerLauncher class of modelscope/agentscope v0.0.6a3 allows for remote code execution (RCE) via deserialization of untrusted data using the dill library. The issue occurs in the AgentServerServicer.create_agent method, where serialized input is deserialized using dill.loads, enabling an attacker to execute arbitrary commands on the server.
CVSS Information
N/A
Vulnerability Type
Deserialization of Untrusted Data
Vulnerability Title
AgentScope Code Issue Vulnerability
Vulnerability Description
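AgentScope is an open-source application from ModelScope that makes it easier to build LLM-based multi-agent applications. AgentScope v0.0.6a3 has a code issue vulnerability that stems from the RpcAgentServerLauncher class deserializing untrusted data via the dill library, which leads to remote code execution; an attacker can execute arbitrary commands on the server.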
CVSS Information
N/A
Vulnerability Type
N/A
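The description above attributes the issue to calling dill.loads on caller-supplied bytes. The following is an added example, not AgentScope code or the project's fix: it uses the standard-library pickle module (which dill extends) to show that loading runs a callable named in the byte stream, then two defensive alternatives. `Probe`, `EchoAgent`, `AGENT_REGISTRY` and all function names are hypothetical, and the sample payload is constructed and calls only `os.getcwd`.

```python
import io
import json
import os
import pickle


class Probe:
    """Constructed sample: its pickle tells the loader to call os.getcwd()."""
    def __reduce__(self):
        return (os.getcwd, ())


def unsafe_create_agent(blob: bytes):
    # The pattern the advisory describes: loads() on caller-supplied bytes.
    return pickle.loads(blob)


class NoGlobalsUnpickler(pickle.Unpickler):
    """Rejects every global lookup; plain dict/list/str/int data needs none."""
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def restricted_loads(blob: bytes):
    return NoGlobalsUnpickler(io.BytesIO(blob)).load()


class EchoAgent:  # hypothetical agent type
    def __init__(self, name: str):
        self.name = name


AGENT_REGISTRY = {"EchoAgent": EchoAgent}  # hypothetical server-side allow-list


def safe_create_agent(request: bytes):
    # Data-only request: the class is looked up by name, arguments are validated.
    req = json.loads(request)
    if not isinstance(req, dict):
        raise ValueError("request must be a JSON object")
    kind, name = req.get("agent_class"), req.get("name")
    if not isinstance(kind, str) or kind not in AGENT_REGISTRY:
        raise ValueError("unknown agent class")
    if not isinstance(name, str) or len(name) > 64:
        raise ValueError("invalid agent name")
    return AGENT_REGISTRY[kind](name)
```

The JSON path is the stronger control because the request can only select from classes the server already registered; the restricted unpickler is a fallback for cases where a pickle-family format cannot be dropped.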