==========================
== Gharib Personal Blog ==
==========================
A Techi Personal Blog

CVE-2024-9070 - BentoML Runner Server Deserialization Code Execution Vulnerability

CVE ID : CVE-2024-9070
Published : March 20, 2025, 10:15 a.m.
Description : A deserialization vulnerability exists in BentoML’s runner server in bentoml/bentoml versions <=1.3.4.post1. By setting specific parameters, an attacker can execute unauthorized arbitrary code on the server, causing severe harm. The vulnerability is triggered when the args-number parameter is greater than 1, leading to automatic deserialization and arbitrary code execution.
Severity: 9.8 | CRITICAL
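
An added example, not from the advisory or from BentoML: a check that flags exact `bentoml==` pins in a requirements file that fall in the affected range (<=1.3.4.post1). The PEP 440 ordering is a simplified reimplementation covering release, pre, post and dev segments only (no epochs or local versions), and the sample lines are constructed.

```python
import math
import re

# Last affected release according to the advisory text above.
LAST_AFFECTED = "1.3.4.post1"

_VERSION = re.compile(
    r"^v?(?P<release>\d+(?:\.\d+)*)"
    r"(?:[._-]?(?P<pre_l>a|b|rc)[._-]?(?P<pre_n>\d+))?"
    r"(?:[._-]?post[._-]?(?P<post>\d+))?"
    r"(?:[._-]?dev[._-]?(?P<dev>\d+))?$",
    re.IGNORECASE,
)
# Exact pin, e.g. "bentoml[grpc]==1.3.4.post1  # comment"
_PIN = re.compile(r"^\s*bentoml(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)", re.IGNORECASE)

def version_key(text):
    """Sort key following PEP 440 ordering for release/pre/post/dev segments."""
    m = _VERSION.match(text.strip())
    if m is None:
        raise ValueError(f"unsupported version string: {text!r}")
    release = [int(p) for p in m["release"].split(".")]
    while len(release) > 1 and release[-1] == 0:
        release.pop()  # 1.3 and 1.3.0 compare equal
    if m["pre_l"]:
        pre = ("a", "b", "rc").index(m["pre_l"].lower()), int(m["pre_n"])
    elif m["dev"] and not m["post"]:
        pre = (-1, 0)  # bare .devN sorts before any pre-release
    else:
        pre = (3, 0)  # final release sorts after pre-releases
    post = int(m["post"]) if m["post"] else -1
    dev = int(m["dev"]) if m["dev"] else math.inf
    return tuple(release), pre, post, dev

def is_affected(version):
    """True when version <= LAST_AFFECTED (1.3.4.post2 is above the range)."""
    return version_key(version) <= version_key(LAST_AFFECTED)

def audit_requirements(lines):
    """Return (line_number, version) for every affected bentoml pin."""
    hits = []
    for number, line in enumerate(lines, start=1):
        pin = _PIN.match(line)
        if pin and is_affected(pin.group(1)):
            hits.append((number, pin.group(1)))
    return hits

# Constructed sample input, not taken from any real project.
SAMPLE = ["numpy==1.26.4", "bentoml==1.3.4.post1", "BentoML[grpc]==1.3.5", "bentoml==1.3.4"]
```

Wildcard or range specifiers are not evaluated: a pin such as `==1.3.*` raises `ValueError` so it is reviewed by hand rather than silently passed.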