VYPR

Bentoml

by Bentoml

pypi: bentoml

CVEs (14)

  • CVE-2024-9070 | Critical | Mar 20, 2025
    risk 0.64 | cvss 9.8 | epss 0.01

    A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions <=1.3.4.post1. By setting specific parameters, an attacker can execute unauthorized arbitrary code on the server, causing severe harm. The vulnerability is triggered when the…

  • CVE-2024-2912 | Critical | Apr 16, 2024
    risk 0.58 | cvss 10.0 | epss 0.01

    An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application.…

  • CVE-2026-44346 | High | May 27, 2026
    risk 0.50 | cvss 8.8 | epss 0.00

    BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs[*].name produces unquoted RUN directives in the BentoML-generated Dockerfile. When…

  • CVE-2026-44345 | High | May 27, 2026
    risk 0.50 | cvss 8.8 | epss 0.00

    BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/_internal/container/frontend/dockerfile/templates/base_v2.j2 interpolates docker.base_image raw with no escaping, newline filtering, or…

  • CVE-2026-35044 | High | Apr 6, 2026
    risk 0.50 | cvss 8.8 | epss 0.00

    BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the Dockerfile generation function generate_containerfile() in src/bentoml/_internal/container/generate.py uses an unsandboxed jinja2.Environment with the…

  • CVE-2024-9056 | High | Mar 20, 2025
    risk 0.49 | cvss 7.5 | epss 0.01

    BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) attack. The vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. This causes the server to continuously process each character,…

  • CVE-2026-35043 | High | Apr 6, 2026
    risk 0.44 | cvss 7.8 | epss 0.00

    BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/_internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates…

  • CVE-2026-33744 | High | Mar 27, 2026
    risk 0.44 | cvss 7.8 | epss 0.00

    BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the `docker.system_packages` field in `bentofile.yaml` accepts arbitrary strings that are interpolated directly into Dockerfile `RUN` commands without…

  • CVE-2026-40610 | Medium | May 22, 2026
    risk 0.29 | cvss 5.5 | epss 0.00

    BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.38 and prior, the build packaging workflow follows attacker-controlled symlinks inside the build context and copies the referenced file contents into the…

  • CVE-2025-32375 | Apr 9, 2025
    risk 0.08 | cvss | epss 0.44

    BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute…

  • CVE-2026-27905 | Mar 3, 2026
    risk 0.00 | cvss | epss 0.00

    BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safe_extract_tarfile() function validates that each tar member's path is within the destination directory, but for symlink members it only validates…

  • CVE-2026-24123 | Jan 26, 2026
    risk 0.00 | cvss | epss 0.00

    BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to version 1.4.34, BentoML's `bentofile.yaml` configuration allows path traversal attacks through multiple file path fields (`description`, `docker.setup_script`,…

  • CVE-2025-54381 | Jul 29, 2025
    risk 0.00 | cvss | epss 0.12

    BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make…

  • CVE-2025-27520 | Apr 4, 2025
    risk 0.00 | cvss | epss 0.44

    BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It allows any unauthenticated…