{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T17:26:05.535","vulnerabilities":[{"cve":{"id":"CVE-2024-8550","sourceIdentifier":"security@huntr.dev","published":"2025-02-10T19:15:39.440","lastModified":"2025-07-30T01:02:10.567","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue arises due to improper sanitization of user input passed to the os.path.join function, which can be exploited to access files outside the intended directory."},{"lang":"es","value":"Existe una vulnerabilidad de inclusión de archivos locales (LFI) en el endpoint /load-workflow de modelscope/agentscope versión v0.0.4. Esta vulnerabilidad permite a un atacante leer archivos arbitrarios del servidor, incluidos archivos confidenciales como claves de API, mediante la manipulación del parámetro filename. El problema surge debido a una depuración inadecuada de la entrada del usuario que se pasa a la función os.path.join, que se puede explotar para acceder a archivos fuera del directorio previsto."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-497"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:modelscope:agentscope:0.0.4:*:*:*:*:*:*:*","matchCriteriaId":"D90FB84B-BF69-41F6-875D-BFB3C19EB9CC"}]}]}],"references":[{"url":"https://huntr.com/bounties/7cd8f519-7c75-4936-889d-a17ea1bcb3ea","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]},{"url":"https://huntr.com/bounties/7cd8f519-7c75-4936-889d-a17ea1bcb3ea","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}}]}