CVE-2024-8551

CRITICAL Year: 2024
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-23
View all →

Vulnerability Description

A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of sensitive information such as configuration files, API keys, and hardcoded passwords.

Related Vulnerabilities

CVE-2020-10619

CRITICAL
CVSS:9.1(Critical)

An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control.

CWE-232020

CVE-2020-4039

CRITICAL
CVSS:9.1(Critical)

SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file ...

CWE-232020

CVE-2020-8570

CRITICAL
CVSS:9.1(Critical)

Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a malici...

CWE-232020

CVE-2021-24035

CRITICAL
CVSS:9.1(Critical)

A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite Wha...

CWE-232021

CVE-2021-32825

CRITICAL
CVSS:9.1(Critical)

bblfshd is an open source self-hosted server for source code parsing. In bblfshd before commit 4265465b9b6fb5663c30ee43806126012066aad4 there is a "zipslip" vulnerability. The unsafe handling of symbo...

CWE-232021

CVE-2024-47051

CRITICAL
CVSS:9.1(Critical)

This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. * Remote Code Execution (RCE) vi...

CWE-232024