Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2026/01/26 9:17 p.m.9 views

BentoML has a Path Traversal via Bentofile Configuration

Summary BentoML's bentofile.yaml configuration allows path traversal attacks through multiple file path fields description, docker.setupscript, docker.dockerfiletemplate, conda.environmentyml. An attacker can craft a malicious bentofile that, when built by a victim, exfiltrates arbitrary files fr...

7.4CVSS6AI score0.00437EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/01/26 9:17 p.m.5 views

Directory Traversal

Overview bentoml is a BentoML: Build Production-Grade AI Applications Affected versions of this package are vulnerable to Directory Traversal via the processing of user-supplied file paths in configuration fields description, docker.setupscript, docker.dockerfiletemplate, and conda.environmentyml...

8.2CVSS6.3AI score0.00437EPSS
Exploits0References3
OSV
OSV
added 2026/01/26 9:17 p.m.6 views

GHSA-6R62-W2Q3-48HF BentoML has a Path Traversal via Bentofile Configuration

Summary BentoML's bentofile.yaml configuration allows path traversal attacks through multiple file path fields description, docker.setupscript, docker.dockerfiletemplate, conda.environmentyml. An attacker can craft a malicious bentofile that, when built by a victim, exfiltrates arbitrary files fr...

7.4CVSS6AI score0.00437EPSS
Exploits0References5
Veracode
Veracode
added 2024/05/28 5:59 a.m.18 views

Missing Authentication

jupyter-scheduler is vulnerable to Missing Authentication. The vulnerability is due to a missing authentication check on the /scheduler/runtimeenvironments API endpoint, allowing unauthenticated users to obtain the list of Conda environment names on the server...

5.3CVSS6.9AI score0.00331EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/23 12:0 a.m.8 views

PT-2024-22321

Name of the Vulnerable Software and Affected Versions Jupyter Scheduler versions 1.0.0 through 1.1.5 Jupyter Scheduler version 1.2.0 Jupyter Scheduler versions 1.3.0 through 1.8.1 Jupyter Scheduler versions 2.0.0 through 2.5.1 Description Jupyter Scheduler is a collection of extensions for...

5.3CVSS6.1AI score0.00331EPSS
Exploits0References18
Rows per page
Query Builder