Lucene search
K

220 matches found

Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.4 views

CVE-2024-9056 Denial of Service in bentoml/bentoml

BentoML version v1.3.4post1 is vulnerable to a Denial of Service DoS attack. The vulnerability can be exploited by appending characters, such as dashes -, to the end of a multipart boundary in an HTTP request. This causes the server to continuously process each character, leading to excessive...

7.5CVSS7.4AI score0.00664EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.11 views

CVE-2024-9056 Denial of Service in bentoml/bentoml

BentoML version v1.3.4post1 is vulnerable to a Denial of Service DoS attack. The vulnerability can be exploited by appending characters, such as dashes -, to the end of a multipart boundary in an HTTP request. This causes the server to continuously process each character, leading to excessive...

7.5CVSS0.00664EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.6 views

CVE-2024-12760

...

6.2AI score
Exploits0
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.11 views

CVE-2024-12760

...

Exploits0
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.3 views

编号撤回

BentoML is an open source modeling service library from BentoML Open Source. For building high-performance and scalable AI applications using Python. This CVE number has been withdrawn...

7.6AI score
Exploits0References1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

BentoML 命令注入漏洞

Horovod is an open source distributed deep learning training framework designed to improve the training efficiency and scalability of large-scale deep learning models. Horovod suffers from a remote code execution vulnerability that can be exploited by an attacker to execute arbitrary code on a...

9.8CVSS9.7AI score0.00846EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

编号撤回

BentoML is an open source modeling service library from BentoML Open Source. For building high-performance and scalable AI applications using Python. This CVE number has been withdrawn...

5.6AI score
Exploits0References1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.4 views

BentoML 资源管理错误漏洞

BentoML is an open source modeling service library from BentoML Open Source. It is used to build high-performance and scalable AI applications using Python. A resource management error vulnerability exists in BentoML v1.3.4post1, which stems from not properly handling multi-part boundaries and...

7.5CVSS7.3AI score0.00664EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/10/04 12:0 a.m.7 views

BentoML Detection

A BentoML Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'xcompat.inc'; if description scriptid208134; scriptversion"1.5";...

5.9AI score
Exploits0References1
Veracode
Veracode
added 2024/04/17 7:24 a.m.16 views

Remote Code Execution (RCE)

bentoML is vulnerable to an Remote Code Execution RCE. The vulnerability is due to missing media type checks when handling serialized objects, resulting remote code execution through crafted POST requests containing pickled objects...

10CVSS8.3AI score0.01497EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/04/16 12:30 a.m.40 views

GHSA-HVJ5-MVW9-93J3 Insecure deserialization in BentoML

An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution RCE by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is...

9.8CVSS10AI score0.01497EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2024/04/16 12:30 a.m.7 views

bento2seldon (>=0.1.0 <=0.4.0), bento2seldon4recsys (>=0.1.0 <=0.1.3) +15 more potentially affected by CVE-2024-2912 via bentoml (>=0.10.1 <=1.2.20)

bentoml PYPI version =0.10.1, =0.1.0, =0.1.0, =0.0.10, =0.0.5, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.0.1, =0.0.1, =0.0.13 - tfhubartifact =0.0.4 and more Source cves: CVE-2024-2912 Source advisory: OSV:GHSA-HVJ5-MVW9-93J3...

10CVSS7.2AI score0.01497EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/04/16 12:30 a.m.25 views

Insecure deserialization in BentoML

An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution RCE by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is...

10CVSS9.9AI score0.01497EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/04/16 12:15 a.m.17 views

CVE-2024-2912

An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution RCE by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is...

10CVSS10AI score0.01497EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/16 12:0 a.m.16 views

CVE-2024-2912 Insecure Deserialization Leading to RCE in bentoml/bentoml

An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution RCE by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is...

10CVSS8.5AI score0.01497EPSS
Exploits0References2
CVE
CVE
added 2024/04/16 12:0 a.m.102 views

CVE-2024-2912

CVE-2024-2912 (BentoML) has documented insecure deserialization leading to remote code execution (RCE). The vulnerability arises when a serialized object is crafted to execute OS commands during deserialization and sent to BentoML endpoints via POST requests, allowing attackers to run arbitrary c...

10CVSS9.9AI score0.01497EPSS
Exploits0References2
OSV
OSV
added 2024/04/16 12:0 a.m.12 views

CVE-2024-2912 Insecure Deserialization Leading to RCE in bentoml/bentoml

An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution RCE by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is...

10CVSS8.1AI score0.01497EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/04/16 12:0 a.m.36 views

CVE-2024-2912 Insecure Deserialization Leading to RCE in bentoml/bentoml

An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution RCE by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is...

10CVSS10AI score0.01497EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.3 views

BentoML 安全漏洞

BentoML is an open source modeling service library from BentoML Open Source. for building high-performance and scalable AI applications using Python. A security vulnerability exists in BentoML that stems from the presence of an insecure deserialization vulnerability that allows Remote Code...

10CVSS9.2AI score0.01497EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/15 12:0 a.m.6 views

PT-2024-22740

Name of the Vulnerable Software and Affected Versions BentoML affected versions not specified Description An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution RCE by sending a specially crafted POST request. By exploiting this vulnerability,...

10CVSS8.1AI score0.01497EPSS
Exploits0References17
Rows per page
Query Builder