<p>Upgrade <code>bentoml</code> to version 1.2.5 or higher.</p>

Insecure Deserialization Affecting bentoml package, versions [,1.2.5)

Snyk CVSS

Attack Complexity Low

Confidentiality High

Integrity High

Availability High

Threat Intelligence

Exploit Maturity Proof of concept

EPSS 0.04% (9^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PYTHON-BENTOML-6615826
published 16 Apr 2024
disclosed 16 Apr 2024
credit pinkdraconian

Report a new vulnerability Found a mistake?

Introduced: 16 Apr 2024

New CVE-2024-2912 Open this link in a new tab CWE-1188 Open this link in a new tab

How to fix?

Upgrade bentoml to version 1.2.5 or higher.

Overview

bentoml is a BentoML: Build Production-Grade AI Applications

Affected versions of this package are vulnerable to Insecure Deserialization due to sending a single POST request to any valid endpoint. An attacker can execute arbitrary commands on the server.

References

GitHub Commit