10 matches found
BentoML runner server deserialization vulnerability
Added: 10/24/2025 CVE: CVE-2024-9070 Background BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Problem A deserialization vulnerability in the BentoML runner server allows remote attackers to execute arbitrary commands by sending a...
BentoML runner server deserialization vulnerability
Added: 10/24/2025 CVE: CVE-2024-9070 Background BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Problem A deserialization vulnerability in the BentoML runner server allows remote attackers to execute arbitrary commands by sending a...
CVE-2024-9070
A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions =1.3.4.post1. By setting specific parameters, an attacker can execute unauthorized arbitrary code on the server, causing severe harm. The vulnerability is triggered when the args-number parameter is...
ai-dynamo (=0.1.0), bento-sgl-router (>=0.0.1 <=0.0.6) +32 more potentially affected by CVE-2024-9070 via bentoml (>=0.10.1 <=1.4.39)
bentoml PYPI version =0.10.1, =0.0.1, =0.1.0, =0.1.0, =0.2.3, =0.1.0, =0.0.1, =0.0.10, =0.1.0, =0.2.0, =0.0.5, =0.1.1 - fusionmllib =0.1.0 - kazemlstack =0.1.0 and more Source cves: CVE-2024-9070 Source advisory: OSV:GHSA-9G44-GWVM-HC44...
ai-dynamo (=0.1.0), bento-sgl-router (>=0.0.1 <=0.0.6) +22 more potentially affected by CVE-2024-9070 via bentoml (>=1.0.0a7 <=1.4.7)
bentoml PYPI version =1.0.0a7, =0.0.1, =0.2.3, =0.1.0, =0.0.1, =1.0.1, =0.1.0, =0.2.0, =0.3.12, =0.0.1, =1.0.3, =1.0.4 and more Source cves: CVE-2024-9070 Source advisory: SNYK:PYTHON-BENTOML-9508725...
CVE-2024-9070
creationtimestamp| type| source ---|---|--- 2025-03-20 11:40:51+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3lksmhzifc524 2025-03-20 12:48:35+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114194835990694470...
CVE-2024-9070
A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions =1.3.4.post1. By setting specific parameters, an attacker can execute unauthorized arbitrary code on the server, causing severe harm. The vulnerability is triggered when the args-number parameter is...
CVE-2024-9070 Deserialization Vulnerability in BentoML's Runner Server in bentoml/bentoml
A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions =1.3.4.post1. By setting specific parameters, an attacker can execute unauthorized arbitrary code on the server, causing severe harm. The vulnerability is triggered when the args-number parameter is...
CVE-2024-9070 Deserialization Vulnerability in BentoML's Runner Server in bentoml/bentoml
A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions =1.3.4.post1. By setting specific parameters, an attacker can execute unauthorized arbitrary code on the server, causing severe harm. The vulnerability is triggered when the args-number parameter is...
CVE-2024-9070
The CVE-2024-9070 issue concerns BentoML’s runner server (bentoml/bentoml) with versions up to and including 1.3.4.post1. A deserialization vulnerability allowed remote attackers to trigger arbitrary code execution by sending a crafted pickle payload when args-number > 1, leading to automatic ...