CVE-2024-8501

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-8501

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8501.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-8501

Aliases

GHSA-p6h7-hfj2-vmcf

Published

2025-03-20T10:15:42.610Z

Modified

2026-03-14T12:40:53.044116Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An arbitrary file download vulnerability exists in the rpcagentclient component of modelscope/agentscope version v0.0.4. This vulnerability allows any user to download any file from the rpcagent's host by exploiting the downloadfile method. This can lead to unauthorized access to sensitive information, including configuration files, credentials, and potentially system files, which may facilitate further exploitation such as privilege escalation or lateral movement within the network.

References

https://huntr.com/bounties/83e433c0-ed2d-4b10-8358-d3c1eee0a47c

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8501.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.0.4"
            }
        ]
    }
]