Nixpkgs security tracker
NIXPKGS-2026-0820
GitHub issue
published 2 months, 4 weeks ago
Permalink
CVE-2026-33744
7.8 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): Required (R)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): High (H)
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse accepted
- @LeSuisse published on GitHub
BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the `docker.system_packages` field in `bentofile.yaml` accepts arbitrary strings that are interpolated directly into Dockerfile `RUN` commands without sanitization. Since `system_packages` is semantically a list of OS package names (data), users do not expect values to be interpreted as shell commands. A malicious `bentofile.yaml` achieves arbitrary command execution during `bentoml containerize` / `docker build`. Version 1.4.37 fixes the issue.
References
-
https://github.com/bentoml/BentoML/security/advisories/GHSA-jfjg-vc52-wqvf x_refsource_CONFIRM
Affected products
BentoML
- ==< 1.4.37
Matching in nixpkgs
pkgs.python312Packages.bentoml
None
pkgs.python313Packages.bentoml
Build Production-Grade AI Applications
Package maintainers
-
@happysalada Raphael Megzari <raphael@megzari.com>
-
@natsukium Tomoya Otabi <nixpkgs@natsukium.com>