Lucene search
K

217 matches found

vulnersOsv
vulnersOsv
added 2026/03/26 7:32 a.m.4 views

ai-dynamo (=0.1.0), bento2seldon (>=0.1.0 <=0.4.0) +16 more potentially affected by CVE-2026-33744 via bentoml (>=0.10.1 <=1.4.3)

bentoml PYPI version =0.10.1, =0.1.0, =0.1.0, =0.0.10, =0.0.5, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.0.1, =0.0.1, =0.0.13 and more Source cves: CVE-2026-33744 Source advisory: OSV:GHSA-JFJG-VC52-WQVF...

7.8CVSS5.4AI score0.00257EPSS
Exploits1
EUVD
EUVD
added 2026/03/26 7:32 a.m.8 views

EUVD-2026-16513

BentoML has Dockerfile Command Injection via systempackages in bentofile.yaml...

7.8CVSS5.8AI score0.00257EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/05 1:57 a.m.4 views

CVE-2026-27905

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safeextracttarfile function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path,...

8.6CVSS6.1AI score0.00257EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.7 views

BentoML < 1.4.36 Arbitrary File Write

The version of the BentoML library installed on the remote host is prior to 1.4.36. It is, therefore, affected by an arbitrary file write vulnerability: - The safeextracttarfile function validates that each tar member's path is within the destination directory, but for symlink members it only...

8.6CVSS5.9AI score0.00257EPSS
Exploits1References2
NVD
NVD
added 2026/03/03 11:15 p.m.7 views

CVE-2026-27905

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safeextracttarfile function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path,...

8.6CVSS0.00257EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/03 10:45 p.m.5 views

EUVD-2026-9343

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safeextracttarfile function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path,...

8.6CVSS6.1AI score0.00257EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/03 10:45 p.m.3 views

CVE-2026-27905 BentoML has an Arbitrary File Write via Symlink Path Traversal in Tar Extraction

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safeextracttarfile function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path,...

8.6CVSS6.1AI score0.00257EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/03 10:45 p.m.20 views

CVE-2026-27905 BentoML has an Arbitrary File Write via Symlink Path Traversal in Tar Extraction

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safeextracttarfile function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path,...

8.6CVSS0.00257EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/03 10:45 p.m.5 views

CVE-2026-27905

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safeextracttarfile function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path,...

8.6CVSS6.1AI score0.00257EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/03 10:45 p.m.14 views

CVE-2026-27905

CVE-2026-27905 affects BentoML prior to 1.4.36. The safe_extract_tarfile() path validation checks only the symlink’s own path, not the symlink’s target, enabling an attacker to craft a tar with a symlink pointing outside the extraction directory followed by a regular file that writes via the syml...

8.6CVSS6.1AI score0.00257EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/03/03 5:46 p.m.4 views

Symlink Attack

Overview bentoml is a BentoML: Build Production-Grade AI Applications Affected versions of this package are vulnerable to Symlink Attack in the safeextracttarfile function. An attacker can overwrite arbitrary files on the host filesystem, potentially leading to remote code execution, by crafting ...

8.8CVSS6.1AI score0.00257EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2026/03/03 5:46 p.m.4 views

ai-dynamo (>=0.1.0 <=0.3.0), bento-sgl-router (>=0.0.1 <=0.0.6) +32 more potentially affected by CVE-2026-27905 via bentoml (>=0.10.1 <=1.4.8)

bentoml PYPI version =0.10.1, =0.1.0, =0.0.1, =0.1.0, =0.1.0, =0.2.3, =0.1.0, =0.0.1, =0.0.10, =0.1.0, =0.2.0, =0.0.5, =0.1.1 - fusionmllib =0.1.0 - kazemlstack =0.1.0 and more Source cves: CVE-2026-27905 Source advisory: SNYK:PYTHON-BENTOML-15372202...

8.6CVSS5.4AI score0.00257EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/03 5:46 p.m.7 views

ai-dynamo (=0.1.0), bento2seldon (>=0.1.0 <=0.4.0) +16 more potentially affected by CVE-2026-27905 via bentoml (>=0.10.1 <=1.4.3)

bentoml PYPI version =0.10.1, =0.1.0, =0.1.0, =0.0.10, =0.0.5, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.0.1, =0.0.1, =0.0.13 and more Source cves: CVE-2026-27905 Source advisory: OSV:GHSA-M6W7-QV66-G3MF...

8.6CVSS5.8AI score0.00257EPSS
Exploits1
OSV
OSV
added 2026/03/03 5:46 p.m.3 views

GHSA-M6W7-QV66-G3MF BentoML Vulnerable to Arbitrary File Write via Symlink Path Traversal in Tar Extraction

Arbitrary File Write via Symlink Path Traversal in Tar Extraction Summary The safeextracttarfile function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path, not the symlink's target. An attacker can create a...

8.6CVSS6.5AI score0.00257EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.6 views

PT-2026-22843

Name of the Vulnerable Software and Affected Versions BentoML versions prior to 1.4.36 Description BentoML is a Python library used for building online serving systems for AI applications and model inference. The safe extract tarfile function does not fully validate symlink targets within tar...

8.6CVSS6.1AI score0.00257EPSS
Exploits1References10
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.8 views

BentoML 后置链接漏洞

BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Prior to BentoML 1.4.36, there was a post-link vulnerability. This vulnerability stemmed from the safeextracttarfile function,...

8.6CVSS6.1AI score0.00257EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.7 views

BentoML < 1.4.34 Path Traversal

The version of the BentoML library installed on the remote host is prior to 1.4.34. It is, therefore, affected by a path traversal vulnerability: - BentoML's bentofile.yaml configuration allows path traversal attacks through multiple file path fields description, docker.setupscript,...

7.4CVSS5.8AI score0.00437EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.17 views

BentoML v1.3.9 - Open Redirect

An open redirect vulnerability exists in BentoML v1.3.9, where the file parameter in the /ui/gradioapi/file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-12760 inf...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/01/26 10:14 p.m.5 views

CVE-2026-24123 BentoML has a Path Traversal via Bentofile Configuration

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to version 1.4.34, BentoML's bentofile.yaml configuration allows path traversal attacks through multiple file path fields description, docker.setupscript, docker.dockerfiletemplate,...

7.4CVSS6AI score0.00437EPSS
Exploits0References5
CVE
CVE
added 2026/01/26 10:14 p.m.26 views

CVE-2026-24123

Summary: CVE-2026-24123 affects BentoML before version 1.4.34, enabling path traversal via bentofile.yaml fields (description, docker.setup_script, docker.dockerfile_template, conda.environment_yml). An attacker can craft a malicious bentofile that, when built, exfiltrates arbitrary files from th...

7.4CVSS6AI score0.00437EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder