GHSA-75v5-6885-59f9: AgentScope Cross-Origin Resource Sharing (CORS) vulnerability

Skip to content

Navigation Menu

• • GitHub Copilot

    Write better code with AI

  • Security

    Find and fix vulnerabilities

  • Actions

    Automate any workflow

  • Codespaces

    Instant dev environments

  • Issues

    Plan and track work

  • Code Review

    Manage code changes

  • Discussions

    Collaborate outside of code

  • Code Search

    Find more, search less

• Explore

  • Learning Pathways
  • Events & Webinars
  • Ebooks & Whitepapers
  • Customer Stories
  • Partners
  • Executive Insights

• • GitHub Sponsors

    Fund open source developers

*   The ReadME Project
    
    GitHub community articles

• • Enterprise platform

    AI-powered developer platform

• Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

1. GitHub Advisory Database
2. GitHub Reviewed
3. CVE-2024-8487

AgentScope Cross-Origin Resource Sharing (CORS) vulnerability

High severity GitHub Reviewed Published Mar 20, 2025 to the GitHub Advisory Database • Updated Mar 20, 2025

Package

pip agentscope (pip)

Affected versions

<= 0.0.4

Description

A Cross-Origin Resource Sharing (CORS) vulnerability exists in modelscope/agentscope version v0.0.4. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can lead to unauthorized data access, information disclosure, and potential further exploitation, thereby compromising the integrity and confidentiality of the system.

References

• https://nvd.nist.gov/vuln/detail/CVE-2024-8487
• https://huntr.com/bounties/7aca7507-a94e-4e63-83a2-15648e5c4067

Published to the GitHub Advisory Database

Mar 20, 2025

Last updated

Mar 20, 2025

EPSS score