Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-wzre-vn34-qqak
Summary
BentoML Denial of Service (DoS) via Multipart Boundary
BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) attack. The vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. This causes the server to continuously process each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service.
Aliases
0
alias CVE-2024-9056
1
alias GHSA-hw8j-hw49-752c
Fixed_packages
Affected_packages
0
url pkg:pypi/bentoml@1.4.5
purl pkg:pypi/bentoml@1.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4bcc-ergh-83e6
1
vulnerability VCID-5mjt-8ze7-h7d9
2
vulnerability VCID-bv3z-1yux-kka6
3
vulnerability VCID-nqwe-qcu8-jkan
4
vulnerability VCID-twd8-ejvs-6ffv
5
vulnerability VCID-ujzb-bk9k-7yf2
6
vulnerability VCID-wzre-vn34-qqak
7
vulnerability VCID-zxca-jerw-6ycm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/bentoml@1.4.5
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-9056
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.54028
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-9056
1
reference_url https://github.com/bentoml/BentoML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bentoml/BentoML
2
reference_url https://github.com/bentoml/BentoML/blob/a6f5f937be6ec278f3d4f3bbc6f3c8f9564820d7/src/bentoml/_internal/io_descriptors/file.py#L293
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bentoml/BentoML/blob/a6f5f937be6ec278f3d4f3bbc6f3c8f9564820d7/src/bentoml/_internal/io_descriptors/file.py#L293
3
reference_url https://github.com/bentoml/BentoML/blob/v1.4.5/src/bentoml/_internal/io_descriptors/file.py#L293C9-L293C66
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bentoml/BentoML/blob/v1.4.5/src/bentoml/_internal/io_descriptors/file.py#L293C9-L293C66
4
reference_url https://huntr.com/bounties/a24a13c2-0300-4a95-b26a-ac7fe8f6521b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:52:04Z/
url https://huntr.com/bounties/a24a13c2-0300-4a95-b26a-ac7fe8f6521b
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-9056
reference_id CVE-2024-9056
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-9056
6
reference_url https://github.com/advisories/GHSA-hw8j-hw49-752c
reference_id GHSA-hw8j-hw49-752c
reference_type
scores
url https://github.com/advisories/GHSA-hw8j-hw49-752c
Weaknesses
0
cwe_id 400
name Uncontrolled Resource Consumption
description The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
3
cwe_id 770
name Allocation of Resources Without Limits or Throttling
description The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Exploits
Severity_range_score7.0 - 8.9
Exploitability0.5
Weighted_severity8.0
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-wzre-vn34-qqak