5 matches found
BentoML has a Path Traversal via Bentofile Configuration
Summary BentoML's bentofile.yaml configuration allows path traversal attacks through multiple file path fields description, docker.setupscript, docker.dockerfiletemplate, conda.environmentyml. An attacker can craft a malicious bentofile that, when built by a victim, exfiltrates arbitrary files fr...
Directory Traversal
Overview bentoml is a BentoML: Build Production-Grade AI Applications Affected versions of this package are vulnerable to Directory Traversal via the processing of user-supplied file paths in configuration fields description, docker.setupscript, docker.dockerfiletemplate, and conda.environmentyml...
GHSA-6R62-W2Q3-48HF BentoML has a Path Traversal via Bentofile Configuration
Summary BentoML's bentofile.yaml configuration allows path traversal attacks through multiple file path fields description, docker.setupscript, docker.dockerfiletemplate, conda.environmentyml. An attacker can craft a malicious bentofile that, when built by a victim, exfiltrates arbitrary files fr...
Missing Authentication
jupyter-scheduler is vulnerable to Missing Authentication. The vulnerability is due to a missing authentication check on the /scheduler/runtimeenvironments API endpoint, allowing unauthenticated users to obtain the list of Conda environment names on the server...
PT-2024-22321
Name of the Vulnerable Software and Affected Versions Jupyter Scheduler versions 1.0.0 through 1.1.5 Jupyter Scheduler version 1.2.0 Jupyter Scheduler versions 1.3.0 through 1.8.1 Jupyter Scheduler versions 2.0.0 through 2.5.1 Description Jupyter Scheduler is a collection of extensions for...