CVE-2024-2912 – An insecure deserialization vulnerability exists in the BentoML framework, allowing …

16 April 2024

Vuln ID: CVE-2024-2912

Published: 2024-04-16 00:15:11.427

Description: An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is triggered when a serialized object, crafted to execute OS commands upon deserialization, is sent to any valid BentoML endpoint. This issue poses a significant security risk, enabling attackers to compromise the server and potentially gain unauthorized access or control.

Base Score: –

Vector:

Source: NVD.NIST.GOV

Date:

16 April 2024

Categorie(s):

NVD

Tag(s):

NVD

How to Delete Your Browser History29 April 2024
UK outlaws awful default passwords on connected devices29 April 2024
Account compromise of “unprecedented scale” uses everyday home devices29 April 2024
Connected devices with awful default passwords now illegal in UK29 April 2024
Chrome users report broken connections after Chrome 124 release29 April 2024