5 matches found
Directory Traversal
Overview: bentoml is a BentoML: Build Production-Grade AI Applications. Affected versions of this package are vulnerable to Directory Traversal via the processing of user-supplied file paths in the configuration fields description, docker.setup_script, docker.dockerfile_template, and conda.environment_yml...
GHSA-6R62-W2Q3-48HF BentoML has a Path Traversal via Bentofile Configuration
Summary: BentoML's bentofile.yaml configuration allows path traversal attacks through multiple file path fields (description, docker.setup_script, docker.dockerfile_template, conda.environment_yml). An attacker can craft a malicious bentofile that, when built by a victim, exfiltrates arbitrary files fr...
BentoML has a Path Traversal via Bentofile Configuration
Summary: BentoML's bentofile.yaml configuration allows path traversal attacks through multiple file path fields (description, docker.setup_script, docker.dockerfile_template, conda.environment_yml). An attacker can craft a malicious bentofile that, when built by a victim, exfiltrates arbitrary files fr...
Missing Authentication
jupyter-scheduler is vulnerable to Missing Authentication. The vulnerability is due to a missing authentication check on the /scheduler/runtime_environments API endpoint, allowing unauthenticated users to obtain the list of Conda environment names on the server...
PT-2024-22321 · Unknown +1 · Jupyter Server +2
Name of the Vulnerable Software and Affected Versions:
Jupyter Scheduler versions 1.0.0 through 1.1.5
Jupyter Scheduler version 1.2.0
Jupyter Scheduler versions 1.3.0 through 1.8.1
Jupyter Scheduler versions 2.0.0 through 2.5.1
Description: Jupyter Scheduler is a collection of extensions for...