Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2024-8501
CVE-2024-8501:
Python vulnerability analysis and mitigation
Overview
An arbitrary file download vulnerability (CVE-2024-8501) exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4. The vulnerability was disclosed on March 20, 2025, and affects the modelscope/agentscope software package (NVD).
Technical details
The vulnerability allows any user to download any file from the rpc_agent's host by exploiting the download_file method. It has been classified as CWE-36 (Absolute Path Traversal). The vulnerability has received a CVSS v3.0 base score of 7.5 (HIGH) with the vector string CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (NVD, Huntr).
Impact
This vulnerability can lead to unauthorized access to sensitive information, including configuration files, credentials, and potentially system files. The exposure of such sensitive data may facilitate further exploitation such as privilege escalation or lateral movement within the network (NVD).
Additional resources
Source: This report was generated using AI
Related Python vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management