module
BentoML's runner server RCE
| Disclosed |
|---|
| Apr 9, 2025 |
Disclosed
Apr 9, 2025
Description
There was an insecure deserialization in BentoML's runner server prior to version 1.4.8.
By setting specific headers and parameters in the POST request, it is possible to execute unauthorized arbitrary code in the context of the user running the server,
which will grant initial access and information disclosure.
By setting specific headers and parameters in the POST request, it is possible to execute unauthorized arbitrary code in the context of the user running the server,
which will grant initial access and information disclosure.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.