15 matches found
PYSEC-2026-190
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs.name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentom...
CVE-2026-44346
CVE-2026-44346 affects BentoML. A malicious bentofile.yaml with a newline-injected value in envs[*].name yields unquoted RUN directives in the BentoML-generated Dockerfile, causing those RUN commands to run on the host during docker build when running bentoml containerize. The issue stems from un...
Dockerfile command injection via envs[*].name in bentofile.yaml (sibling fix-bypass of CVE-2026-33744 and CVE-2026-35043)
BentoML envs.name Dockerfile command injection — sibling of CVE-2026-33744 / CVE-2026-35043 A malicious bentofile.yaml containing a newline-injected value in envs.name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentoml containerize on the imported...
GHSA-W2PM-X38X-JP44 Dockerfile command injection via envs[*].name in bentofile.yaml (sibling fix-bypass of CVE-2026-33744 and CVE-2026-35043)
BentoML envs.name Dockerfile command injection — sibling of CVE-2026-33744 / CVE-2026-35043 A malicious bentofile.yaml containing a newline-injected value in envs.name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentoml containerize on the imported...
PT-2026-30281
Commit ce53491 March 24 fixed command injection via system packages in Dockerfile templates and images.py by adding shlex.quote. However, the cloud deployment path in src/bentoml/ internal/cloud/deployment.py was not included in the fix. Line 1648 interpolates system packages directly into a shel...
BentoML < 1.4.37 Command Injection (GHSA-jfjg-vc52-wqvf)
The version of the BentoML library installed on the remote host is prior to 1.4.37. It is, therefore, affected by a command injection vulnerability: - The docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without...
PYSEC-2026-157
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...
CVE-2026-33744 BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...
CVE-2026-33744
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...
CVE-2026-33744 BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...
CVE-2026-33744 BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...
Arbitrary Code Injection
Overview bentoml is a BentoML: Build Production-Grade AI Applications Affected versions of this package are vulnerable to Arbitrary Code Injection via the systempackages handling in the Dockerfile generation and image command paths. An attacker can execute arbitrary shell commands during bentoml...
BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml
Summary The docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since systempackages is semantically a list of OS package names data, users do not expect values to be interpreted as shell command...
PT-2026-28523
Name of the Vulnerable Software and Affected Versions BentoML versions prior to 1.4.37 Description BentoML is a Python library used for building online serving systems for AI applications and model inference. A flaw exists where the docker.system packages field within the bentofile.yaml file does...
CVE-2026-24123
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to version 1.4.34, BentoML's bentofile.yaml configuration allows path traversal attacks through multiple file path fields description, docker.setupscript, docker.dockerfiletemplate,...