Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/bentoml@1.2.0
Type pypi
Namespace
Name bentoml
Version 1.2.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.4.38
Latest_non_vulnerable_version 1.4.38
Affected_by_vulnerabilities
0
url VCID-4bcc-ergh-83e6
vulnerability_id VCID-4bcc-ergh-83e6
summary BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized arbitrary code on the server, which grants attackers initial access and information disclosure on the server. This vulnerability is fixed in 1.4.8.
references
0
reference_url https://github.com/bentoml/BentoML/security/advisories/GHSA-7v4r-c989-xh26
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://github.com/bentoml/BentoML/security/advisories/GHSA-7v4r-c989-xh26
fixed_packages
0
url pkg:pypi/bentoml@1.4.8
purl pkg:pypi/bentoml@1.4.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bv3z-1yux-kka6
1
vulnerability VCID-twd8-ejvs-6ffv
2
vulnerability VCID-zxca-jerw-6ycm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/bentoml@1.4.8
aliases CVE-2025-32375, PYSEC-2025-32
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4bcc-ergh-83e6
1
url VCID-bv3z-1yux-kka6
vulnerability_id VCID-bv3z-1yux-kka6
summary BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the Dockerfile generation function generate_containerfile() in src/bentoml/_internal/container/generate.py uses an unsandboxed jinja2.Environment with the jinja2.ext.do extension to render user-provided dockerfile_template files. When a victim imports a malicious bento archive and runs bentoml containerize, attacker-controlled Jinja2 template code executes arbitrary Python directly on the host machine, bypassing all container isolation. This vulnerability is fixed in 1.4.38.
references
0
reference_url https://github.com/bentoml/BentoML/security/advisories/GHSA-v959-cwq9-7hr6
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
url https://github.com/bentoml/BentoML/security/advisories/GHSA-v959-cwq9-7hr6
fixed_packages
0
url pkg:pypi/bentoml@1.4.38
purl pkg:pypi/bentoml@1.4.38
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/bentoml@1.4.38
aliases CVE-2026-35044, GHSA-v959-cwq9-7hr6, PYSEC-2026-159
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bv3z-1yux-kka6
2
url VCID-twd8-ejvs-6ffv
vulnerability_id VCID-twd8-ejvs-6ffv
summary BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the `docker.system_packages` field in `bentofile.yaml` accepts arbitrary strings that are interpolated directly into Dockerfile `RUN` commands without sanitization. Since `system_packages` is semantically a list of OS package names (data), users do not expect values to be interpreted as shell commands. A malicious `bentofile.yaml` achieves arbitrary command execution during `bentoml containerize` / `docker build`. Version 1.4.37 fixes the issue.
references
0
reference_url https://github.com/bentoml/BentoML/security/advisories/GHSA-jfjg-vc52-wqvf
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://github.com/bentoml/BentoML/security/advisories/GHSA-jfjg-vc52-wqvf
fixed_packages
0
url pkg:pypi/bentoml@1.4.37
purl pkg:pypi/bentoml@1.4.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bv3z-1yux-kka6
1
vulnerability VCID-zxca-jerw-6ycm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/bentoml@1.4.37
aliases CVE-2026-33744, GHSA-jfjg-vc52-wqvf, PYSEC-2026-157
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-twd8-ejvs-6ffv
3
url VCID-zxca-jerw-6ycm
vulnerability_id VCID-zxca-jerw-6ycm
summary BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/_internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates system_packages directly into a shell command using an f-string without any quoting. The generated script is uploaded to BentoCloud as setup.sh and executed on the cloud build infrastructure during deployment, making this a remote code execution on the CI/CD tier. This vulnerability is fixed in 1.4.38.
references
0
reference_url https://github.com/bentoml/BentoML/security/advisories/GHSA-fgv4-6jr3-jgfw
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://github.com/bentoml/BentoML/security/advisories/GHSA-fgv4-6jr3-jgfw
fixed_packages
0
url pkg:pypi/bentoml@1.4.38
purl pkg:pypi/bentoml@1.4.38
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/bentoml@1.4.38
aliases CVE-2026-35043, GHSA-fgv4-6jr3-jgfw, PYSEC-2026-158
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zxca-jerw-6ycm
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/bentoml@1.2.0