{"id":"PYSEC-2025-83","details":"A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint.","aliases":["CVE-2024-8524","GHSA-6v28-q95m-93qr"],"modified":"2026-06-10T17:00:08.928792773Z","published":"2025-03-20T10:15:42.853Z","references":[{"type":"EVIDENCE","url":"https://huntr.com/bounties/cc4acf33-700d-4220-8a8a-db28f5c4cc8f"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-6v28-q95m-93qr"}],"affected":[{"package":{"name":"agentscope","ecosystem":"PyPI","purl":"pkg:pypi/agentscope"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"0.0.4"}]}],"versions":["0.0.1","0.0.2","0.0.3","0.0.4"],"ecosystem_specific":{},"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/agentscope/PYSEC-2025-83.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}