CNNVD-202507-3667 Information

CNNVD ID

CNNVD-202507-3667

CVE-2025-54381

  • CNNVD Published: 2025-07-29

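Description (translated from Chinese)

BentoML is an open-source model serving library from BentoML, used to build high-performance and scalable artificial intelligence applications with Python. BentoML versions 1.4.0 through 1.4.19 contain a code issue vulnerability, which stems from the file upload processing system not validating user-supplied URLs and may lead to server-side request forgery attacks.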

Description (English)

BentoML is an open-source model serving library from BentoML for building high-performance, scalable artificial intelligence applications in Python. BentoML versions 1.4.0 to 1.4.19 contain a code issue vulnerability: the file upload processing system does not validate user-supplied URLs, which may result in server-side request forgery (SSRF) attacks.

Hazard Level

Low

Vulnerability Type

Code issue

Affected Vendor

BentoML

Published

2025-07-29

Last Modified

2026-02-24

References

  • https://github.com/bentoml/BentoML/commit/534c3584621da4ab954bdc3d814cc66b95ae5fb8
  • https://github.com/bentoml/BentoML/security/advisories/GHSA-mrmq-3q62-6cc8
  • https://access.redhat.com/security/cve/cve-2025-54381
