Nixpkgs security tracker

Login with GitHub

Suggestions search

Published
Filter by:
With package: python313Packages.bentoml

Found 4 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-35043
7.8 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 1 month, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 1 month, 2 weeks ago
  • @LeSuisse accepted 1 month, 2 weeks ago
  • @LeSuisse published on GitHub 1 month, 2 weeks ago
BentoML: command injection in cloud deployment setup script (deployment.py)

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/_internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates system_packages directly into a shell command using an f-string without any quoting. The generated script is uploaded to BentoCloud as setup.sh and executed on the cloud build infrastructure during deployment, making this a remote code execution on the CI/CD tier. This vulnerability is fixed in 1.4.38.

Affected products

BentoML
  • ==< 1.4.38

Matching in nixpkgs

Package maintainers

Permalink CVE-2026-35044
8.8 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 1 month, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 1 month, 2 weeks ago
  • @LeSuisse accepted 1 month, 2 weeks ago
  • @LeSuisse published on GitHub 1 month, 2 weeks ago
BentoML has a Server-Side Template Injection via unsandboxed Jinja2 Environment in Dockerfile generation

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the Dockerfile generation function generate_containerfile() in src/bentoml/_internal/container/generate.py uses an unsandboxed jinja2.Environment with the jinja2.ext.do extension to render user-provided dockerfile_template files. When a victim imports a malicious bento archive and runs bentoml containerize, attacker-controlled Jinja2 template code executes arbitrary Python directly on the host machine, bypassing all container isolation. This vulnerability is fixed in 1.4.38.

Affected products

BentoML
  • ==< 1.4.38

Matching in nixpkgs

Package maintainers

Permalink CVE-2026-33744
7.8 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 1 month, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 1 month, 3 weeks ago
  • @LeSuisse accepted 1 month, 3 weeks ago
  • @LeSuisse published on GitHub 1 month, 3 weeks ago
BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the `docker.system_packages` field in `bentofile.yaml` accepts arbitrary strings that are interpolated directly into Dockerfile `RUN` commands without sanitization. Since `system_packages` is semantically a list of OS package names (data), users do not expect values to be interpreted as shell commands. A malicious `bentofile.yaml` achieves arbitrary command execution during `bentoml containerize` / `docker build`. Version 1.4.37 fixes the issue.

Affected products

BentoML
  • ==< 1.4.37

Matching in nixpkgs

Package maintainers

Advisory: https://github.com/bentoml/BentoML/security/advisories/GHSA-jfjg-vc52-wqvf
Permalink CVE-2026-27905
updated 2 months, 3 weeks ago by @mweinelt Activity log
  • Created suggestion 2 months, 3 weeks ago
  • @mweinelt accepted 2 months, 3 weeks ago
  • @mweinelt published on GitHub 2 months, 3 weeks ago
BentoML has an Arbitrary File Write via Symlink Path Traversal in Tar Extraction

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safe_extract_tarfile() function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path, not the symlink's target. An attacker can create a malicious bento/model tar file containing a symlink pointing outside the extraction directory, followed by a regular file that writes through the symlink, achieving arbitrary file write on the host filesystem. This vulnerability is fixed in 1.4.36.

Affected products

BentoML
  • ==< 1.4.36

Matching in nixpkgs

Package maintainers

https://github.com/bentoml/BentoML/commit/4e0eb007765ac04c7924220d643f264715cc9670
https://github.com/bentoml/BentoML/security/advisories/GHSA-m6w7-qv66-g3mf