43 matches found
Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.17 bug fix and security update
Red Hat OpenShift Container Platform release 4.21.17 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.21. Red Hat Product Security has rated this update as having a...
PYSEC-2026-158
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates systempackages directly into a...
CVE-2026-35043 BentoML: command injection in cloud deployment setup script (deployment.py)
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates systempackages directly into a...
GHSA-FGV4-6JR3-JGFW BentoML: Command Injection in cloud deployment setup script
Commit ce53491 March 24 fixed command injection via systempackages in Dockerfile templates and images.py by adding shlex.quote. However, the cloud deployment path in src/bentoml/internal/cloud/deployment.py was not included in the fix. Line 1648 interpolates systempackages directly into a shell...
BentoML: Command Injection in cloud deployment setup script
Commit ce53491 March 24 fixed command injection via systempackages in Dockerfile templates and images.py by adding shlex.quote. However, the cloud deployment path in src/bentoml/internal/cloud/deployment.py was not included in the fix. Line 1648 interpolates systempackages directly into a shell...
Command Injection
Overview bentoml is a BentoML: Build Production-Grade AI Applications Affected versions of this package are vulnerable to Command Injection in the systempackages parameter of the deployment setup process. An attacker can execute arbitrary commands on the cloud build infrastructure by injecting...
PT-2026-30281
Commit ce53491 March 24 fixed command injection via system packages in Dockerfile templates and images.py by adding shlex.quote. However, the cloud deployment path in src/bentoml/ internal/cloud/deployment.py was not included in the fix. Line 1648 interpolates system packages directly into a shel...
CVE-2026-33744
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...
PYSEC-2026-157
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...
CVE-2026-33744
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...
PYSEC-2026-157
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...
CVE-2026-33744 BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...
CVE-2026-33744
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...
CVE-2026-33744
BentoML is affected by a Dockerfile command Injection via the docker.system_packages field in bentofile.yaml. The field’s values are interpolated directly into shell commands without sanitization, allowing a crafted package entry to execute arbitrary commands during bentoml containerize or docker...
CVE-2026-33744 BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...
BentoML 代码注入漏洞
BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Prior to BentoML 1.4.37, there was a code injection vulnerability. This vulnerability stemmed from the docker.systemPackages...
Arbitrary Code Injection
Overview bentoml is a BentoML: Build Production-Grade AI Applications Affected versions of this package are vulnerable to Arbitrary Code Injection via the systempackages handling in the Dockerfile generation and image command paths. An attacker can execute arbitrary shell commands during bentoml...
EUVD-2026-16513
BentoML has Dockerfile Command Injection via systempackages in bentofile.yaml...
GHSA-JFJG-VC52-WQVF BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml
Summary The docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since systempackages is semantically a list of OS package names data, users do not expect values to be interpreted as shell command...
BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml
Summary The docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since systempackages is semantically a list of OS package names data, users do not expect values to be interpreted as shell command...