{"data":{"id":"aa0481c0-638d-423b-8a7f-a09a51be56ff","title":"CVE-2024-8502: A vulnerability in the RpcAgentServerLauncher class of modelscope/agentscope v0.0.6a3 allows for remote code execution (","summary":"CVE-2024-8502 is a vulnerability in modelscope/agentscope v0.0.6a3 where the RpcAgentServerLauncher class unsafely deserializes (converts serialized data back into code) untrusted data using the dill library, allowing attackers to execute arbitrary commands on the server. The vulnerability exists in the AgentServerServicer.create_agent method, which directly deserializes user input without validation.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-8502","publishedAt":"2025-03-20T10:15:42.733Z","cveId":"CVE-2024-8502","cweIds":["CWE-502"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["model_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["ModelScope","AgentScope"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00413,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-586"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}