Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
โ€ขadded 2026/03/28 4:56 a.m.โ€ข5 views

CVE-2026-33744

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...

7.8CVSS6.1AI score0.00257EPSS
Exploits1References1
NVD
NVD
โ€ขadded 2026/03/27 1:16 a.m.โ€ข9 views

CVE-2026-33744

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...

7.8CVSS0.00257EPSS
Exploits1References1
PyPA
PyPA
โ€ขadded 2026/03/27 1:16 a.m.โ€ข11 views

PYSEC-2026-157

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...

7.8CVSS6AI score0.00257EPSS
Exploits1References1Affected Software1
OSV
OSV
โ€ขadded 2026/03/27 1:16 a.m.โ€ข7 views

PYSEC-2026-157

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...

7.8CVSS6AI score0.00257EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
โ€ขadded 2026/03/27 12:45 a.m.โ€ข1 views

CVE-2026-33744

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...

7.8CVSS6AI score0.00257EPSS
Exploits1References2Affected Software1
OSV
OSV
โ€ขadded 2026/03/27 12:45 a.m.โ€ข4 views

CVE-2026-33744 BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...

7.8CVSS6.1AI score0.00257EPSS
Exploits1References3
CVE
CVE
โ€ขadded 2026/03/27 12:45 a.m.โ€ข24 views

CVE-2026-33744

CVE-2026-33744 affects BentoML versions prior to 1.4.37. The issue arises when the docker.system_packages field in bentofile.yaml is interpolated into Dockerfile RUN commands without sanitization, allowing arbitrary shell commands to execute during bentoml containerize or docker build. Impact is ...

7.8CVSS6AI score0.00257EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
โ€ขadded 2026/03/27 12:0 a.m.โ€ข12 views

BentoML ไปฃ็ ๆณจๅ…ฅๆผๆดž

BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Prior to BentoML 1.4.37, there was a code injection vulnerability. This vulnerability stemmed from the docker.systemPackages...

7.8CVSS6AI score0.00257EPSS
Exploits1References1
Github Security Blog
Github Security Blog
โ€ขadded 2026/03/26 7:32 a.m.โ€ข12 views

BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml

Summary The docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since systempackages is semantically a list of OS package names data, users do not expect values to be interpreted as shell command...

7.8CVSS6.6AI score0.00257EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder