CVE-2024-2912
An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is...
EUVD-2024-1219
Malicious code in bioql PyPI...
GHSA-MRMQ-3Q62-6CC8 BentoML SSRF Vulnerability in File Upload Processing
Description: There's an SSRF in the file upload processing system that allows remote attackers to make arbitrary HTTP requests from the server without authentication. The vulnerability exists in the serialization/deserialization handlers for multipart form data and JSON requests, which automatical...
CVE-2024-2912
CVE-2024-2912 (BentoML) is a documented insecure deserialization vulnerability leading to remote code execution (RCE). The vulnerability arises when a serialized object is crafted to execute OS commands during deserialization and sent to BentoML endpoints via POST requests, allowing attackers to run arbitrary c...
PT-2024-22740 · Bentoml · Bentoml
Name of the Vulnerable Software and Affected Versions: BentoML affected versions not specified
Description: An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this vulnerability,...