Lucene search
+L

10 matches found

Saint
Saint
added 2025/10/24 12:0 a.m.76 views

BentoML runner server deserialization vulnerability

Added: 10/24/2025 CVE: CVE-2024-9070 Background BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Problem A deserialization vulnerability in the BentoML runner server allows remote attackers to execute arbitrary commands by sending a...

9.8CVSS7.8AI score0.00846EPSS
Exploits2
Saint
Saint
added 2025/10/24 12:0 a.m.119 views

BentoML runner server deserialization vulnerability

Added: 10/24/2025 CVE: CVE-2024-9070 Background BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Problem A deserialization vulnerability in the BentoML runner server allows remote attackers to execute arbitrary commands by sending a...

9.8CVSS9.8AI score0.00846EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/03/22 11:46 a.m.7 views

CVE-2024-9070

A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions =1.3.4.post1. By setting specific parameters, an attacker can execute unauthorized arbitrary code on the server, causing severe harm. The vulnerability is triggered when the args-number parameter is...

9.8CVSS7.4AI score0.00846EPSS
Exploits2References1
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.6 views

ai-dynamo (=0.1.0), bento-sgl-router (>=0.0.1 <=0.0.6) +32 more potentially affected by CVE-2024-9070 via bentoml (>=0.10.1 <=1.4.39)

bentoml PYPI version =0.10.1, =0.0.1, =0.1.0, =0.1.0, =0.2.3, =0.1.0, =0.0.1, =0.0.10, =0.1.0, =0.2.0, =0.0.5, =0.1.1 - fusionmllib =0.1.0 - kazemlstack =0.1.0 and more Source cves: CVE-2024-9070 Source advisory: OSV:GHSA-9G44-GWVM-HC44...

9.8CVSS7.7AI score0.00846EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.8 views

ai-dynamo (=0.1.0), bento-sgl-router (>=0.0.1 <=0.0.6) +22 more potentially affected by CVE-2024-9070 via bentoml (>=1.0.0a7 <=1.4.7)

bentoml PYPI version =1.0.0a7, =0.0.1, =0.2.3, =0.1.0, =0.0.1, =1.0.1, =0.1.0, =0.2.0, =0.3.12, =0.0.1, =1.0.3, =1.0.4 and more Source cves: CVE-2024-9070 Source advisory: SNYK:PYTHON-BENTOML-9508725...

9.8CVSS7.2AI score0.00846EPSS
Exploits2
Circl
Circl
added 2025/03/20 11:40 a.m.8 views

CVE-2024-9070

creationtimestamp| type| source ---|---|--- 2025-03-20 11:40:51+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3lksmhzifc524 2025-03-20 12:48:35+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114194835990694470...

9.8CVSS9.5AI score0.00846EPSS
Exploits2References2
NVD
NVD
added 2025/03/20 10:15 a.m.11 views

CVE-2024-9070

A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions =1.3.4.post1. By setting specific parameters, an attacker can execute unauthorized arbitrary code on the server, causing severe harm. The vulnerability is triggered when the args-number parameter is...

9.8CVSS0.00846EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.4 views

CVE-2024-9070 Deserialization Vulnerability in BentoML's Runner Server in bentoml/bentoml

A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions =1.3.4.post1. By setting specific parameters, an attacker can execute unauthorized arbitrary code on the server, causing severe harm. The vulnerability is triggered when the args-number parameter is...

9.8CVSS9.7AI score0.00846EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.9 views

CVE-2024-9070 Deserialization Vulnerability in BentoML's Runner Server in bentoml/bentoml

A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions =1.3.4.post1. By setting specific parameters, an attacker can execute unauthorized arbitrary code on the server, causing severe harm. The vulnerability is triggered when the args-number parameter is...

9.8CVSS0.00846EPSS
Exploits2References1
CVE
CVE
added 2025/03/20 10:10 a.m.48 views

CVE-2024-9070

The CVE-2024-9070 issue concerns BentoML’s runner server (bentoml/bentoml) with versions up to and including 1.3.4.post1. A deserialization vulnerability allowed remote attackers to trigger arbitrary code execution by sending a crafted pickle payload when args-number &gt; 1, leading to automatic ...

9.8CVSS9.7AI score0.00846EPSS
Exploits2References1
Rows per page
Query Builder