ГлавнаяУязвимости → CVE-2026-44346
8.8высокая

CVE-2026-44346

Описание

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs[*].name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentoml containerize on the imported bento, those RUN directives execute on the host during docker build. This vulnerability is fixed in 1.4.39.

Затрагиваемое ПО
Bentoml Bentoml
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Источники
https://github.com/bentoml/BentoML/security/advisories/GHSA-w2pm-x38x-jp44https://github.com/bentoml/BentoML/security/advisories/GHSA-w2pm-x38x-jp44