Is agentscope affected by CVE-2024-8550?

PyPI agentscope is affected in <=0.0.4.

Is CVE-2024-8550 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.5%.

high

CVE-2024-8550

Q: Is CVE-2024-8550 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.5%.

PyPI · agentscope

Summary

A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue arise

Severity: high
EPSS: 0.5% (p38)
Also known as: PYSEC-2025-84
Published: 2025-02-10

References

https://huntr.com/bounties/7cd8f519-7c75-4936-889d-a17ea1bcb3ea

Related advisories

CVE-2024-8551 — critical · PyPI/agentscope
CVE-2024-8537 — critical · PyPI/agentscope
CVE-2024-8502 — critical · PyPI/agentscope
CVE-2024-8487 — high · PyPI/agentscope
CVE-2024-8501 — high · PyPI/agentscope
CVE-2024-8524 — high · PyPI/agentscope
CVE-2024-8438 — high · PyPI/agentscope
CVE-2026-6606 — medium · PyPI/agentscope

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.