| purl | pkg:pypi/bentoml@1.2.2 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-4bcc-ergh-83e6 Aliases: CVE-2025-32375, PYSEC-2025-32 | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute arbitrary code on the server without authorization, which gives attackers initial access and information disclosure on the server. This vulnerability is fixed in 1.4.8. | Affected by 3 other vulnerabilities. |
| VCID-bv3z-1yux-kka6 Aliases: CVE-2026-35044, GHSA-v959-cwq9-7hr6, PYSEC-2026-159 | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the Dockerfile generation function `generate_containerfile()` in `src/bentoml/_internal/container/generate.py` uses an unsandboxed `jinja2.Environment` with the `jinja2.ext.do` extension to render user-provided `dockerfile_template` files. When a victim imports a malicious bento archive and runs `bentoml containerize`, attacker-controlled Jinja2 template code executes arbitrary Python directly on the host machine, bypassing all container isolation. This vulnerability is fixed in 1.4.38. | Affected by 0 other vulnerabilities. |
| VCID-twd8-ejvs-6ffv Aliases: CVE-2026-33744, GHSA-jfjg-vc52-wqvf, PYSEC-2026-157 | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the `docker.system_packages` field in `bentofile.yaml` accepts arbitrary strings that are interpolated directly into Dockerfile `RUN` commands without sanitization. Since `system_packages` is semantically a list of OS package names (data), users do not expect values to be interpreted as shell commands. A malicious `bentofile.yaml` achieves arbitrary command execution during `bentoml containerize` / `docker build`. Version 1.4.37 fixes the issue. | Affected by 2 other vulnerabilities. |
| VCID-zxca-jerw-6ycm Aliases: CVE-2026-35043, GHSA-fgv4-6jr3-jgfw, PYSEC-2026-158 | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in `src/bentoml/_internal/cloud/deployment.py` was not included in the fix for CVE-2026-33744. Line 1648 interpolates `system_packages` directly into a shell command using an f-string without any quoting. The generated script is uploaded to BentoCloud as `setup.sh` and executed on the cloud build infrastructure during deployment, making this a remote code execution on the CI/CD tier. This vulnerability is fixed in 1.4.38. | Affected by 0 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:24:29.494094+00:00 | Pypa Importer | Affected by | VCID-bv3z-1yux-kka6 | https://github.com/pypa/advisory-database/blob/main/vulns/bentoml/PYSEC-2026-159.yaml | 38.6.0 |
| 2026-06-02T04:24:28.592503+00:00 | Pypa Importer | Affected by | VCID-zxca-jerw-6ycm | https://github.com/pypa/advisory-database/blob/main/vulns/bentoml/PYSEC-2026-158.yaml | 38.6.0 |
| 2026-06-02T04:24:25.387253+00:00 | Pypa Importer | Affected by | VCID-twd8-ejvs-6ffv | https://github.com/pypa/advisory-database/blob/main/vulns/bentoml/PYSEC-2026-157.yaml | 38.6.0 |
| 2026-06-02T04:22:57.882469+00:00 | Pypa Importer | Affected by | VCID-4bcc-ergh-83e6 | https://github.com/pypa/advisory-database/blob/main/vulns/bentoml/PYSEC-2025-32.yaml | 38.6.0 |