Metrics
Affected Vendors & Products
Source | ID | Title |
---|---|---|
![]() |
EUVD-2025-6907 | A Cross-Origin Resource Sharing (CORS) vulnerability exists in modelscope/agentscope version v0.0.4. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can lead to unauthorized data access, information disclosure, and potential further exploitation, thereby compromising the integrity and confidentiality of the system. |
![]() |
GHSA-75v5-6885-59f9 | AgentScope Cross-Origin Resource Sharing (CORS) vulnerability |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Tue, 01 Apr 2025 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Modelscope
Modelscope agentscope |
|
CPEs | cpe:2.3:a:modelscope:agentscope:0.0.4:*:*:*:*:*:*:* | |
Vendors & Products |
Modelscope
Modelscope agentscope |
|
Metrics |
cvssV3_1
|
Thu, 20 Mar 2025 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 20 Mar 2025 10:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A Cross-Origin Resource Sharing (CORS) vulnerability exists in modelscope/agentscope version v0.0.4. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can lead to unauthorized data access, information disclosure, and potential further exploitation, thereby compromising the integrity and confidentiality of the system. | |
Title | CORS Vulnerability in modelscope/agentscope | |
Weaknesses | CWE-346 | |
References |
| |
Metrics |
cvssV3_0
|

Status: PUBLISHED
Assigner: @huntr_ai
Published:
Updated: 2025-03-20T13:04:47.063Z
Reserved: 2024-09-05T16:33:09.824Z
Link: CVE-2024-8487

Updated: 2025-03-20T13:04:38.306Z

Status : Analyzed
Published: 2025-03-20T10:15:42.360
Modified: 2025-04-01T20:32:06.197
Link: CVE-2024-8487

No data.

No data.