Bentoml

Bentoml

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.6

CVE-2026-35044

Exploit
  • EPSS 0.04%
  • Veröffentlicht 06.04.2026 17:13:43
  • Zuletzt bearbeitet 10.04.2026 18:31:47

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the Dockerfile generation function generate_containerfile() in src/bentoml/_internal/container/generate.py uses an unsandboxed...

7.8

CVE-2026-35043

Exploit
  • EPSS 0.06%
  • Veröffentlicht 06.04.2026 17:10:24
  • Zuletzt bearbeitet 10.04.2026 18:54:17

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/_internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 16...

7.8

CVE-2026-33744

Exploit
  • EPSS 0.01%
  • Veröffentlicht 27.03.2026 01:16:21
  • Zuletzt bearbeitet 01.04.2026 15:00:48

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the `docker.system_packages` field in `bentofile.yaml` accepts arbitrary strings that are interpolated directly into Dockerfil...

7.8

CVE-2026-27905

Exploit
  • EPSS 0.01%
  • Veröffentlicht 03.03.2026 22:45:40
  • Zuletzt bearbeitet 05.03.2026 21:04:51

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safe_extract_tarfile() function validates that each tar member's path is within the destination directory, but for symlink...

6.5

CVE-2026-24123

  • EPSS 0.01%
  • Veröffentlicht 26.01.2026 22:14:39
  • Zuletzt bearbeitet 03.02.2026 15:07:55

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to version 1.4.34, BentoML's `bentofile.yaml` configuration allows path traversal attacks through multiple file path fields (`description...

9.9

CVE-2025-54381

Exploit
  • EPSS 0.54%
  • Veröffentlicht 29.07.2025 22:11:24
  • Zuletzt bearbeitet 05.08.2025 15:41:26

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers t...

9.8

CVE-2025-32375

Exploit
  • EPSS 67.34%
  • Veröffentlicht 09.04.2025 15:30:03
  • Zuletzt bearbeitet 22.04.2025 16:52:36

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST reques...

9.8

CVE-2025-27520

Exploit
  • EPSS 87.35%
  • Veröffentlicht 04.04.2025 14:28:51
  • Zuletzt bearbeitet 27.06.2025 12:48:46

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. I...