Create CVE-2024-8537.yaml #11255

Closed
@gy741 gy741 commented Nov 27, 2024

Template / PR Information

Hello,

Added CVE-2024-8537

The agentscope application is vulnerable to a path traversal vulnerability in /delete-workflow endpoint that allows any attacker to be able to delete arbitrary files from the filesystem.

Template Validation

I've validated this template locally?

  • YES
  • NO

Although the issue could not be reproduced due to API issues, the person in charge verified the issue.

The agentscope application is vulnerable to a path traversal vulnerability in /delete-workflow endpoint that allows any attacker to be able to delete arbitrary files from the filesystem.

Signed-off-by: GwanYeong Kim <[email protected]>
@ritikchaddha ritikchaddha self-assigned this Nov 27, 2024
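
A defensive illustration of the bug class described in the PR above, added here and not taken from agentscope or from this PR: a delete handler that confines the requested name to a single directory. The directory layout and the names `resolve_inside`, `delete_workflow` and `demo` are assumptions, and the inputs in `demo` are constructed.

```python
import os
import tempfile
from pathlib import Path


class UnsafePath(Exception):
    """The requested name resolves outside the allowed directory."""


def resolve_inside(base_dir: Path, requested: str) -> Path:
    base = base_dir.resolve(strict=True)
    # resolve() collapses "..", follows symlinks, and an absolute `requested`
    # replaces `base` in the join, so all three cases are caught by one check.
    candidate = (base / requested).resolve()
    if candidate == base or not candidate.is_relative_to(base):
        raise UnsafePath(requested)
    return candidate


def delete_workflow(base_dir: Path, requested: str) -> bool:
    """Delete a regular file under base_dir; True if a file was removed."""
    target = resolve_inside(base_dir, requested)
    if not target.is_file():
        return False
    target.unlink()
    return True


def demo() -> dict:
    """Run constructed inputs against a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        workflows = Path(tmp) / "workflows"
        workflows.mkdir()
        (workflows / "flow.json").write_text("{}")
        outside = Path(tmp) / "secret.txt"
        outside.write_text("keep me")
        os.symlink(outside, workflows / "link.json")
        cases = {"plain": "flow.json", "dotdot": "../secret.txt",
                 "absolute": str(outside), "symlink": "link.json",
                 "nested": "missing/../../secret.txt"}
        for label, name in cases.items():
            try:
                results[label] = delete_workflow(workflows, name)
            except UnsafePath:
                results[label] = "rejected"
        results["outside_survived"] = outside.exists()
    return results
```

The check and the `unlink()` are separate steps, so a directory that untrusted users can write to still leaves a race between them.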
@GeorginaReeder

Thanks so much for your contributions @gy741!

@ritikchaddha

Hello @gy741,

I apologize for the delay in my response. After reviewing the template you shared, we have concluded that adding a proof of concept (POC) that deletes the sensitive file is not a good idea. It would be helpful if you could update the POC to make it less intrusive.

Thank you for your understanding.

@ritikchaddha

ritikchaddha commented Jan 8, 2025

Hi @gy741,

Due to inactivity, we are closing this pull request. Feel free to raise another pull request with more information.
