BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization
Summary A Remote Code Execution RCE vulnerability caused by insecure deserialization has been identified in the latest versionv1.4.2 of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. Details It exists an unsafe code segment in serde.py: Python def...