{"data":{"id":"5ef78ba3-fa78-4be9-af81-8f66d587d668","title":"CVE-2024-9070: A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions <=1.3.4.post1. By setting ","summary":"CVE-2024-9070 is a deserialization vulnerability (a security flaw where untrusted data is converted back into executable code) in BentoML versions 1.3.4.post1 and earlier that affects the runner server component. An attacker can exploit this by setting specific parameters to execute arbitrary code (any commands they choose) on the affected server, causing severe damage.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-9070","publishedAt":"2025-03-20T14:15:46.570Z","cveId":"CVE-2024-9070","cweIds":["CWE-502"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["model_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["BentoML"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00254,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-586"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}