漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Local File Inclusion (LFI) in modelscope/agentscope
Vulnerability Description
A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue arises due to improper sanitization of user input passed to the os.path.join function, which can be exploited to access files outside the intended directory.
CVSS Information
N/A
Vulnerability Type
将系统数据暴露到未授权控制的范围
Vulnerability Title
AgentScope 安全漏洞
Vulnerability Description
AgentScope是ModelScope开源的一个应用程序。更简单地构建基于 LLM 的多智能体应用。 AgentScope 0.0.4版本存在安全漏洞,该漏洞源于/load-workflow端点中存在本地文件包含漏洞,导致攻击者可从服务器读取任意文件。
CVSS Information
N/A
Vulnerability Type
N/A