Количество 2
Количество 2
CVE-2024-9070
A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions <=1.3.4.post1. By setting specific parameters, an attacker can execute unauthorized arbitrary code on the server, causing severe harm. The vulnerability is triggered when the args-number parameter is greater than 1, leading to automatic deserialization and arbitrary code execution.
GHSA-9g44-gwvm-hc44
BentoML deserialization vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-9070 A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions <=1.3.4.post1. By setting specific parameters, an attacker can execute unauthorized arbitrary code on the server, causing severe harm. The vulnerability is triggered when the args-number parameter is greater than 1, leading to automatic deserialization and arbitrary code execution. | CVSS3: 9.8 | 0% Низкий | 11 месяцев назад |
| GHSA-9g44-gwvm-hc44 BentoML deserialization vulnerability | CVSS3: 9.8 | 0% Низкий | 11 месяцев назад |
Уязвимостей на страницу