CVE-2024-48050

Published: Nov 4, 2024

Modified: Nov 6, 2024

PUBLISHED

Description

In agentscope <=v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_callable_expression. Within this function, the line result = eval(s) poses a security risk as it can directly execute user-provided commands.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://rumbling-slice-eb0.notion.site/Unauthenticated-Remote-Code-Execution-via-The-use-of-eval-in-is_callable_expression-and-sanitize_nod-cd4ea6c576da4e0b965ef596855c298d

https://gist.github.com/AfterSnows/0ad9d233a9d2a5b7e6e5273e2e23508d

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-48050

Description

Affected Products

References