BentoML (bentoml/bentoml) vulnerabilities
3 known vulnerabilities affecting bentoml/bentoml_bentoml.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1
Vulnerabilities
CVE-2024-2912 | P2 | CRITICAL | CVSS 10.0 | Affected versions: ≥ 1.2.0, ≤ 1.2.4 | Published 2024-04-16
CVE-2024-2912 [CRITICAL] CWE-1188
An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is triggered when a serialized object, crafted to exe […]
Source: nvd
CVE-2024-9070 | P2 | CRITICAL | CVSS 9.8 | Affected versions: not specified by the tracker (description gives ≤ 1.3.4.post1) | Published 2025-03-20
CVE-2024-9070 [CRITICAL] CWE-502
A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions <=1.3.4.post1. By setting specific parameters, an attacker can execute unauthorized arbitrary code on the server, causing severe harm. The vulnerability is triggered when the args-number parameter is greater than 1, leading to automatic deserialization and […]
Source: nvd
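Both CVE-2024-2912 and CVE-2024-9070 above are the same class of bug: bytes taken from the request are handed to a deserializer that will instantiate whatever the stream names. The page does not show the affected BentoML code paths or request formats, so the block below does not reproduce either CVE. It is an added example, not BentoML's code, written in plain Python to show (a) why `pickle.loads` on wire bytes is code execution and (b) the restricted-unpickler mitigation, which refuses any global not on an allow-list. `Payload`, `MALICIOUS`, `BENIGN` and `RestrictedUnpickler` are names and constructed data invented for this example; the "malicious" payload only calls `os.getcwd()` so it is harmless to run.

```python
"""Added example (not BentoML code): why loading attacker-controlled pickle
bytes is remote code execution, and the restricted-unpickler mitigation.
Payload, MALICIOUS, BENIGN and RestrictedUnpickler are names invented here."""
import io
import os
import pickle


class Payload:
    """Constructed malicious object. pickle honours __reduce__, so the
    serialized stream says "call os.getcwd() with no arguments" at load
    time. A real attacker substitutes os.system or subprocess.Popen and a
    command string; the mechanism is identical."""

    def __reduce__(self):
        return (os.getcwd, ())


# Constructed request body: the bytes an attacker would POST to a server
# that feeds the body straight into pickle.loads.
MALICIOUS = pickle.dumps(Payload())

# Constructed legitimate payload made only of built-in containers.
BENIGN = {"inputs": [1, 2, 3], "name": "demo"}


def unsafe_load(data: bytes):
    """The vulnerable pattern: trust the wire bytes. With MALICIOUS this
    executes os.getcwd() on the server and returns its result."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Hardened loader: every GLOBAL / STACK_GLOBAL opcode is resolved via
    find_class, so only allow-listed (module, name) pairs can be imported.
    Built-in containers (dict, list, str, int, ...) use dedicated opcodes
    and never reach find_class, so they need no entry here."""

    ALLOWED = {
        ("builtins", "set"),
        ("builtins", "frozenset"),
        ("builtins", "complex"),
    }

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def safe_load(data: bytes):
    """Deserialize with the allow-list enforced."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo():
    """Returns (value returned by the unsafe load, whether the safe load
    blocked the payload, whether the safe load still round-trips BENIGN)."""
    executed = unsafe_load(MALICIOUS)          # attacker's callable ran
    try:
        safe_load(MALICIOUS)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    benign_ok = safe_load(pickle.dumps(BENIGN)) == BENIGN
    return executed, blocked, benign_ok


if __name__ == "__main__":
    print(demo())
```

The allow-list is a mitigation, not a fix: the right answer for a network-facing endpoint is to not accept pickle (or any native object serialization) from clients at all and use a schema-validated format instead. Where pickle cannot be removed, the restricted unpickler must be the only loader on the path, and the server should also bound request size before deserializing.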
CVE-2024-9056 | P3 | HIGH | CVSS 7.5 | Affected versions: not specified by the tracker (description gives v1.3.4post1, i.e. 1.3.4.post1) | Published 2025-03-20
CVE-2024-9056 [HIGH] CWE-770
BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) attack. The vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. This causes the server to continuously process each character, leading to excessive resource consumption and rendering the service unavailabl […]
Source: nvd
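The CVE-2024-9056 description points at a multipart parser that does per-character work on a boundary an attacker can pad indefinitely. The page does not show BentoML's parser, so the block below is not its code and does not reproduce the bug; it is an added example of the two defensive checks a multipart parser should make before it touches a delimiter line: validate and cap the declared boundary (RFC 2046 limits it to 1 to 70 characters from a fixed alphabet, no trailing space), and classify each candidate delimiter line by exact comparison, so extra trailing dashes are just data and a body with no close-delimiter is reported as malformed rather than walked character by character. `parse_boundary`, `classify_line`, `split_parts`, `BODY` and `PADDED` are names and constructed inputs invented for this example.

```python
"""Added example (not BentoML code): defensive multipart boundary handling.
parse_boundary, classify_line, split_parts and the sample bodies are
invented here to illustrate the checks, not taken from any project."""
import re

# RFC 2046 section 5.1.1: boundary := 0*69<bchars> bcharsnospace,
# bchars := bcharsnospace / " ", so 1..70 characters, no trailing space.
_BCHARS_NOSPACE = r"0-9A-Za-z'()+_,\-./:=?"
_BOUNDARY_RE = re.compile(rf"^[{_BCHARS_NOSPACE} ]{{0,69}}[{_BCHARS_NOSPACE}]$")
MAX_BOUNDARY_LEN = 70


def parse_boundary(content_type: str) -> str:
    """Extract the boundary parameter from a Content-Type header value and
    reject anything outside the RFC grammar or length limit."""
    m = re.search(r';\s*boundary=(?:"([^"]*)"|([^;\s]*))', content_type, re.I)
    if not m:
        raise ValueError("no boundary parameter")
    boundary = m.group(1) if m.group(1) is not None else m.group(2)
    if not 1 <= len(boundary) <= MAX_BOUNDARY_LEN or not _BOUNDARY_RE.match(boundary):
        raise ValueError(f"invalid boundary {boundary!r}")
    return boundary


def boundary_is_valid(content_type: str) -> bool:
    try:
        parse_boundary(content_type)
        return True
    except ValueError:
        return False


def classify_line(line: bytes, boundary: str) -> str:
    """Classify one body line as 'delimiter', 'close' or 'data' using exact
    comparison against the validated boundary. RFC 2046 allows only linear
    whitespace (transport padding) after a delimiter; any other trailing
    characters, such as extra dashes, make the line ordinary data."""
    dash_boundary = b"--" + boundary.encode("ascii")  # safe: boundary validated
    body = line.rstrip(b"\r\n").rstrip(b" \t")
    if body == dash_boundary:
        return "delimiter"
    if body == dash_boundary + b"--":
        return "close"
    return "data"


def split_parts(body: bytes, boundary: str):
    """Minimal part splitter driven by classify_line. Returns (parts, closed):
    the raw bytes of each part (headers and content) and whether a proper
    close-delimiter was seen. closed=False means the body is malformed and
    should be rejected, not retried or re-scanned."""
    parts, current, in_part = [], [], False
    for line in body.splitlines(keepends=True):
        kind = classify_line(line, boundary)
        if kind == "delimiter":
            if in_part:
                parts.append(b"".join(current))
            current, in_part = [], True
        elif kind == "close":
            if in_part:
                parts.append(b"".join(current))
            return parts, True
        elif in_part:          # preamble before the first delimiter is ignored
            current.append(line)
    return parts, False


# Constructed well-formed body with two parts and a proper close-delimiter.
BODY = (
    b'--XYZ\r\nContent-Disposition: form-data; name="a"\r\n\r\nhello\r\n'
    b'--XYZ\r\nContent-Disposition: form-data; name="b"\r\n\r\nworld\r\n'
    b"--XYZ--\r\n"
)

# Constructed abuse case from the advisory's description: dashes appended to
# the closing boundary. Here the padded line is simply data, and the missing
# close-delimiter is reported as malformed.
PADDED = BODY.replace(b"--XYZ--", b"--XYZ-----")


if __name__ == "__main__":
    print(parse_boundary("multipart/form-data; boundary=XYZ"))
    print(split_parts(BODY, "XYZ"))
    print(split_parts(PADDED, "XYZ"))
    print(boundary_is_valid("multipart/form-data; boundary=" + "-" * 80))
```

In production, keep using a maintained multipart library rather than this sketch, but confirm it applies the same two limits, and put a request-body size cap in front of it, since a parser that is linear in the input still burns CPU proportional to whatever the client is allowed to send.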