Description

In agentscope <=v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_callable_expression. Within this function, the line result = eval(s) poses a security risk as it can directly execute user-provided commands.

INFO

Published Date :

2024-11-04T00:00:00.000Z

Last Modified :

2024-11-06T21:02:15.321Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-48050 vulnerability.

Vendors Products
Modelscope
  • Agentscope
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-48050.

URL Resource
https://gist.github.com/AfterSnows/0ad9d233a9d2a5b7e6e5273e2e23508d cve-icon cve-icon
https://rumbling-slice-eb0.notion.site/Unauthenticated-Remote-Code-Execution-via-The-use-of-eval-in-is_callable_expression-and-sanitize_nod-cd4ea6c576da4e0b965ef596855c298d cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact