4 matches found
BentoML < 1.4.34 Path Traversal
The version of the BentoML library installed on the remote host is prior to 1.4.34. It is, therefore, affected by a path traversal vulnerability: - BentoML's bentofile.yaml configuration allows path traversal attacks through multiple file path fields description, docker.setupscript,...
CVE-2026-24123
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to version 1.4.34, BentoML's bentofile.yaml configuration allows path traversal attacks through multiple file path fields description, docker.setupscript, docker.dockerfiletemplate,...
EUVD-2026-4723
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to version 1.4.34, BentoML's bentofile.yaml configuration allows path traversal attacks through multiple file path fields description, docker.setupscript, docker.dockerfiletemplate,...
GHSA-6R62-W2Q3-48HF BentoML has a Path Traversal via Bentofile Configuration
Summary BentoML's bentofile.yaml configuration allows path traversal attacks through multiple file path fields description, docker.setupscript, docker.dockerfiletemplate, conda.environmentyml. An attacker can craft a malicious bentofile that, when built by a victim, exfiltrates arbitrary files fr...