CVE-2026-27905
- EPSS -
- Veröffentlicht 03.03.2026 22:45:40
- Zuletzt bearbeitet 03.03.2026 23:15:55
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safe_extract_tarfile() function validates that each tar member's path is within the destination directory, but for symlink...
CVE-2026-24123
- EPSS 0.01%
- Veröffentlicht 26.01.2026 22:14:39
- Zuletzt bearbeitet 03.02.2026 15:07:55
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to version 1.4.34, BentoML's `bentofile.yaml` configuration allows path traversal attacks through multiple file path fields (`description...
CVE-2025-54381
- EPSS 0.52%
- Veröffentlicht 29.07.2025 22:11:24
- Zuletzt bearbeitet 05.08.2025 15:41:26
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers t...
CVE-2025-32375
- EPSS 67.34%
- Veröffentlicht 09.04.2025 15:30:03
- Zuletzt bearbeitet 22.04.2025 16:52:36
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST reques...
CVE-2025-27520
- EPSS 80.95%
- Veröffentlicht 04.04.2025 14:28:51
- Zuletzt bearbeitet 27.06.2025 12:48:46
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. I...