220 matches found
CVE-2024-9056 Denial of Service in bentoml/bentoml
BentoML version v1.3.4post1 is vulnerable to a Denial of Service DoS attack. The vulnerability can be exploited by appending characters, such as dashes -, to the end of a multipart boundary in an HTTP request. This causes the server to continuously process each character, leading to excessive...
CVE-2024-9056 Denial of Service in bentoml/bentoml
BentoML version v1.3.4post1 is vulnerable to a Denial of Service DoS attack. The vulnerability can be exploited by appending characters, such as dashes -, to the end of a multipart boundary in an HTTP request. This causes the server to continuously process each character, leading to excessive...
CVE-2024-12760
...
CVE-2024-12760
...
编号撤回
BentoML is an open source modeling service library from BentoML Open Source. For building high-performance and scalable AI applications using Python. This CVE number has been withdrawn...
BentoML 命令注入漏洞
Horovod is an open source distributed deep learning training framework designed to improve the training efficiency and scalability of large-scale deep learning models. Horovod suffers from a remote code execution vulnerability that can be exploited by an attacker to execute arbitrary code on a...
编号撤回
BentoML is an open source modeling service library from BentoML Open Source. For building high-performance and scalable AI applications using Python. This CVE number has been withdrawn...
BentoML 资源管理错误漏洞
BentoML is an open source modeling service library from BentoML Open Source. It is used to build high-performance and scalable AI applications using Python. A resource management error vulnerability exists in BentoML v1.3.4post1, which stems from not properly handling multi-part boundaries and...
BentoML Detection
A BentoML Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'xcompat.inc'; if description scriptid208134; scriptversion"1.5";...
Remote Code Execution (RCE)
bentoML is vulnerable to an Remote Code Execution RCE. The vulnerability is due to missing media type checks when handling serialized objects, resulting remote code execution through crafted POST requests containing pickled objects...
GHSA-HVJ5-MVW9-93J3 Insecure deserialization in BentoML
An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution RCE by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is...
bento2seldon (>=0.1.0 <=0.4.0), bento2seldon4recsys (>=0.1.0 <=0.1.3) +15 more potentially affected by CVE-2024-2912 via bentoml (>=0.10.1 <=1.2.20)
bentoml PYPI version =0.10.1, =0.1.0, =0.1.0, =0.0.10, =0.0.5, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.0.1, =0.0.1, =0.0.13 - tfhubartifact =0.0.4 and more Source cves: CVE-2024-2912 Source advisory: OSV:GHSA-HVJ5-MVW9-93J3...
Insecure deserialization in BentoML
An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution RCE by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is...
CVE-2024-2912
An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution RCE by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is...
CVE-2024-2912 Insecure Deserialization Leading to RCE in bentoml/bentoml
An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution RCE by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is...
CVE-2024-2912
CVE-2024-2912 (BentoML) has documented insecure deserialization leading to remote code execution (RCE). The vulnerability arises when a serialized object is crafted to execute OS commands during deserialization and sent to BentoML endpoints via POST requests, allowing attackers to run arbitrary c...
CVE-2024-2912 Insecure Deserialization Leading to RCE in bentoml/bentoml
An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution RCE by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is...
CVE-2024-2912 Insecure Deserialization Leading to RCE in bentoml/bentoml
An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution RCE by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is...
BentoML 安全漏洞
BentoML is an open source modeling service library from BentoML Open Source. for building high-performance and scalable AI applications using Python. A security vulnerability exists in BentoML that stems from the presence of an insecure deserialization vulnerability that allows Remote Code...
PT-2024-22740
Name of the Vulnerable Software and Affected Versions BentoML affected versions not specified Description An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution RCE by sending a specially crafted POST request. By exploiting this vulnerability,...