CNNVD-202601-4321 Information
CNNVD ID
CNNVD-202601-4321
Related CVE
- CNNVD Published: 2026-01-26
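Description (translated from Chinese)
BentoML is an open-source model serving library from BentoML, used to build high-performance, scalable artificial intelligence applications in Python. Versions of BentoML before 1.4.34 contain a path traversal vulnerability. It stems from the bentofile.yaml configuration, in which multiple file path fields are open to path traversal attacks, and it may lead to the theft of sensitive files.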
Description (English)
BentoML is an open-source model serving library developed by BentoML. It is used to build high-performance, scalable artificial intelligence applications with Python. BentoML versions prior to 1.4.34 have a path traversal vulnerability, which stems from the bentofile.yaml configuration allowing path traversal attacks through multiple file path fields and may lead to the theft of sensitive files.
Hazard Level
Medium
Vulnerability Type
Path Traversal
Affected Vendor
BentoML
Published
2026-01-26
Last Modified
2026-02-24
References
https://github.com/bentoml/BentoML/commit/84d08cfeb40c5f2ce71b3d3444bbaa0fb16b5ca4
https://github.com/bentoml/BentoML/releases/tag/v1.4.34
https://github.com/bentoml/BentoML/security/advisories/GHSA-6r62-w2q3-48hf
Patch
https://github.com/bentoml/BentoML/releases