Количество 3
Количество 3
CVE-2025-27520
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. It exists an unsafe code segment in serde.py. This vulnerability is fixed in 1.4.3.
GHSA-33xw-247w-6hmc
BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization
BDU:2025-04881
Уязвимость компонента serde.py библиотеки BentoML, позволяющая нарушителю выполнить произвольный код на сервере
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-27520 BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. It exists an unsafe code segment in serde.py. This vulnerability is fixed in 1.4.3. | CVSS3: 9.8 | 76% Высокий | 10 месяцев назад |
| GHSA-33xw-247w-6hmc BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization | CVSS3: 9.8 | 76% Высокий | 10 месяцев назад |
 | BDU:2025-04881 Уязвимость компонента serde.py библиотеки BentoML, позволяющая нарушителю выполнить произвольный код на сервере | CVSS3: 9.8 | 76% Высокий | 10 месяцев назад |
Уязвимостей на страницу