{"data":{"id":"75abbaad-61d5-4a0f-b40f-4a45167bd02b","title":"CVE-2024-9056: BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) attack. The vulnerability can be exploited by app","summary":"BentoML version v1.3.4post1 has a vulnerability that allows attackers to cause a denial of service (DoS, making a service unavailable by overwhelming it with requests) by adding extra characters like dashes to the end of a multipart boundary (the delimiter that separates different parts of an HTTP request). This causes the server to waste resources processing these characters repeatedly, and since it requires no authentication or user interaction, it affects all users of the service.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-9056","publishedAt":"2025-03-20T14:15:46.453Z","cveId":"CVE-2024-9056","cweIds":["CWE-770"],"cvssScore":null,"cvssSeverity":null,"severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["BentoML"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00151,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-130"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}