CVE-2024-2912 - OpenCVE

An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is triggered when a serialized object, crafted to execute OS commands upon deserialization, is sent to any valid BentoML endpoint. This issue poses a significant security risk, enabling attackers to compromise the server and potentially gain unauthorized access or control.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/bentoml/bentoml/commit/fd70379733c57c6368cc022ac1f841b7b426db7b
https://huntr.com/bounties/349a1cce-6bb5-4345-82a5-bf7041b65a68

History

No history.

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-04-16T00:00:15.110Z

Updated: 2024-08-01T19:25:42.151Z

Reserved: 2024-03-26T14:04:26.687Z

Link: CVE-2024-2912

Vulnrichment

Updated: 2024-08-01T19:25:42.151Z

NVD

Status : Awaiting Analysis

Published: 2024-04-16T00:15:11.427

Modified: 2024-05-22T16:15:09.713

Link: CVE-2024-2912

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2912", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-03-26T14:04:26.687Z", "datePublished": "2024-04-16T00:00:15.110Z", "dateUpdated": "2024-08-01T19:25:42.151Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "bentoml/bentoml", "vendor": "bentoml", "versions": [{"lessThanOrEqual": "1.2.4", "status": "affected", "version": "1.2.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is triggered when a serialized object, crafted to execute OS commands upon deserialization, is sent to any valid BentoML endpoint. This issue poses a significant security risk, enabling attackers to compromise the server and potentially gain unauthorized access or control.</p>"}], "value": "An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is triggered when a serialized object, crafted to execute OS commands upon deserialization, is sent to any valid BentoML endpoint. This issue poses a significant security risk, enabling attackers to compromise the server and potentially gain unauthorized access or control."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1188", "description": "CWE-1188 Insecure Default Initialization of Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-05-22T15:49:55.127Z"}, "references": [{"url": "https://huntr.com/bounties/349a1cce-6bb5-4345-82a5-bf7041b65a68"}, {"url": "https://github.com/bentoml/bentoml/commit/fd70379733c57c6368cc022ac1f841b7b426db7b"}], "source": {"advisory": "349a1cce-6bb5-4345-82a5-bf7041b65a68", "discovery": "EXTERNAL"}, "title": "Insecure Deserialization Leading to RCE in bentoml/bentoml", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "bentoml", "product": "bentoml", "cpes": ["cpe:2.3:a:bentoml:bentoml:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "1.2.0", "status": "affected", "lessThanOrEqual": "1.2.4", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-05T19:41:39.436852Z", "id": "CVE-2024-2912", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-05T19:48:04.445Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:25:42.151Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/349a1cce-6bb5-4345-82a5-bf7041b65a68", "tags": ["x_transferred"]}, {"url": "https://github.com/bentoml/bentoml/commit/fd70379733c57c6368cc022ac1f841b7b426db7b", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/349a1cce-6bb5-4345-82a5-bf7041b65a68", "tags": ["x_transferred"]}, {"url": "https://github.com/bentoml/bentoml/commit/fd70379733c57c6368cc022ac1f841b7b426db7b", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:25:42.151Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2912", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-05T19:41:39.436852Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:bentoml:bentoml:*:*:*:*:*:*:*:*"], "vendor": "bentoml", "product": "bentoml", "versions": [{"status": "affected", "version": "1.2.0", "versionType": "custom", "lessThanOrEqual": "1.2.4"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-05T19:37:34.891Z"}}], "cna": {"title": "Insecure Deserialization Leading to RCE in bentoml/bentoml", "source": {"advisory": "349a1cce-6bb5-4345-82a5-bf7041b65a68", "discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "bentoml", "product": "bentoml/bentoml", "versions": [{"status": "affected", "version": "1.2.0", "versionType": "custom", "lessThanOrEqual": "1.2.4"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://huntr.com/bounties/349a1cce-6bb5-4345-82a5-bf7041b65a68"}, {"url": "https://github.com/bentoml/bentoml/commit/fd70379733c57c6368cc022ac1f841b7b426db7b"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is triggered when a serialized object, crafted to execute OS commands upon deserialization, is sent to any valid BentoML endpoint. This issue poses a significant security risk, enabling attackers to compromise the server and potentially gain unauthorized access or control.", "supportingMedia": [{"type": "text/html", "value": "<p>An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is triggered when a serialized object, crafted to execute OS commands upon deserialization, is sent to any valid BentoML endpoint. This issue poses a significant security risk, enabling attackers to compromise the server and potentially gain unauthorized access or control.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1188", "description": "CWE-1188 Insecure Default Initialization of Resource"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-05-22T15:49:55.127Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2912", "state": "PUBLISHED", "dateUpdated": "2024-08-01T19:25:42.151Z", "dateReserved": "2024-03-26T14:04:26.687Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-04-16T00:00:15.110Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is triggered when a serialized object, crafted to execute OS commands upon deserialization, is sent to any valid BentoML endpoint. This issue poses a significant security risk, enabling attackers to compromise the server and potentially gain unauthorized access or control."}, {"lang": "es", "value": "Existe una vulnerabilidad de deserializaci\u00f3n insegura en el framework BentoML, que permite la ejecuci\u00f3n remota de c\u00f3digo (RCE) mediante el env\u00edo de una solicitud POST especialmente manipulada. Al explotar esta vulnerabilidad, los atacantes pueden ejecutar comandos arbitrarios en el servidor que aloja la aplicaci\u00f3n BentoML. La vulnerabilidad se activa cuando un objeto serializado, manipulado para ejecutar comandos del sistema operativo tras la deserializaci\u00f3n, se env\u00eda a cualquier endpoint v\u00e1lido de BentoML. Este problema plantea un riesgo de seguridad importante, ya que permite a los atacantes comprometer el servidor y potencialmente obtener acceso o control no autorizados."}], "id": "CVE-2024-2912", "lastModified": "2024-05-22T16:15:09.713", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2024-04-16T00:15:11.427", "references": [{"source": "security@huntr.dev", "url": "https://github.com/bentoml/bentoml/commit/fd70379733c57c6368cc022ac1f841b7b426db7b"}, {"source": "security@huntr.dev", "url": "https://huntr.com/bounties/349a1cce-6bb5-4345-82a5-bf7041b65a68"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1188"}], "source": "security@huntr.dev", "type": "Primary"}]}