3 matches found
Symlink Attack
Overview bentoml is a BentoML: Build Production-Grade AI Applications Affected versions of this package are vulnerable to Symlink Attack in the safeextracttarfile function. An attacker can overwrite arbitrary files on the host filesystem, potentially leading to remote code execution, by crafting ...
GHSA-M6W7-QV66-G3MF BentoML Vulnerable to Arbitrary File Write via Symlink Path Traversal in Tar Extraction
Arbitrary File Write via Symlink Path Traversal in Tar Extraction Summary The safeextracttarfile function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path, not the symlink's target. An attacker can create a...
BentoML 后置链接漏洞
BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Prior to BentoML 1.4.36, there was a post-link vulnerability. This vulnerability stemmed from the safeextracttarfile function,...