{"data":{"id":"92358181-5eb3-440e-a206-c36b157cc235","title":"GHSA-78f9-r8mh-4xm2: BentoML Dockerfile command injection via docker.base_image (sister of pending GHSA-w2pm-x38x-jp44 / CVE-2026-33744 / CVE-2026-35043)","summary":"BentoML has a command injection vulnerability where the `docker.base_image` field in a bento.yaml configuration file is inserted directly into a Dockerfile template without any validation or escaping. An attacker can supply a malicious bento.yaml with newlines in the `docker.base_image` value to inject arbitrary Dockerfile commands (like `RUN` directives that execute code) which get executed when a victim runs `bentoml containerize` to build a container image.","solution":"Validate `DockerOptions.base_image` at the config layer by rejecting any value containing newline characters (`\\n`, `\\r`) or whitespace beyond a single space-separated tag. The source suggests using a regex like `^[A-Za-z0-9._/-]+(:[A-Za-z0-9._-]+)?(@sha256:[a-f0-9]{64})?$` to enforce practical Docker reference format. The same hardening should be extended to other unvalidated fields in the Dockerfile template: `__options__build_include[*]`, `bento__user`, `bento__uid_gid`, `bento__path`, `bento__home`, and `bento__entrypoint`.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-78f9-r8mh-4xm2","publishedAt":"2026-05-11T14:27:06.000Z","cveId":"CVE-2026-44345","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["bentoml@<= 1.4.38 (fixed: 1.4.39)"],"affectedVendors":[],"affectedVendorsRaw":["BentoML"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-11T14:27:06.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}