In agentscope <=v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_callable_expression. Within this function, the line result = eval(s) poses a security risk as it can directly execute user-provided commands.
Metrics
Affected Vendors & Products
References
History
Wed, 06 Nov 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Modelscope
Modelscope agentscope |
|
Weaknesses | CWE-94 | |
CPEs | cpe:2.3:a:modelscope:agentscope:*:*:*:*:*:*:*:* | |
Vendors & Products |
Modelscope
Modelscope agentscope |
|
Metrics |
cvssV3_1
|
Mon, 04 Nov 2024 22:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In agentscope <=v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_callable_expression. Within this function, the line result = eval(s) poses a security risk as it can directly execute user-provided commands. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-11-04T00:00:00
Updated: 2024-11-06T21:02:15.321Z
Reserved: 2024-10-08T00:00:00
Link: CVE-2024-48050
Vulnrichment
Updated: 2024-11-06T21:02:10.345Z
NVD
Status : Awaiting Analysis
Published: 2024-11-04T23:15:04.250
Modified: 2024-11-06T21:35:07.863
Link: CVE-2024-48050
Redhat
No data.