GHSA-75v5-6885-59f9

Source
https://github.com/advisories/GHSA-75v5-6885-59f9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-75v5-6885-59f9/GHSA-75v5-6885-59f9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-75v5-6885-59f9
Aliases
Published
2025-03-20T12:32:48Z
Modified
2025-03-20T21:19:34.585421Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Summary
AgentScope Cross-Origin Resource Sharing (CORS) vulnerability
Details

A Cross-Origin Resource Sharing (CORS) vulnerability exists in modelscope/agentscope version v0.0.4. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can lead to unauthorized data access, information disclosure, and potential further exploitation, thereby compromising the integrity and confidentiality of the system.

Database specific
{
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-20T20:50:34Z",
    "severity": "HIGH",
    "nvd_published_at": "2025-03-20T10:15:42Z",
    "cwe_ids": [
        "CWE-346"
    ]
}
References

Affected packages

PyPI / agentscope

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
0.0.4

Affected versions

0.*
0.0.1
0.0.2
0.0.3
0.0.4

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-75v5-6885-59f9/GHSA-75v5-6885-59f9.json"