{"data":{"id":"9da1ba88-0695-45c0-aae3-13f48f849de1","title":"GHSA-jfjg-vc52-wqvf: BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml","summary":"BentoML has a command injection vulnerability in the `docker.system_packages` field of bentofile.yaml (a configuration file). User-provided package names are inserted directly into Docker build commands without sanitization, allowing attackers to execute arbitrary shell commands as root during the image build process. This affects all versions supporting this feature, including version 1.4.36.","solution":"The source text suggests two explicit fixes: (1) Input validation (recommended): Add a regex validator to `system_packages` in `build_config.py` that only allows alphanumeric characters, dots, plus signs, hyphens, underscores, and colons. (2) Output escaping: Apply `shlex.quote()` to each package name before interpolation in `images.py:system_packages()` and apply the `bash_quote` Jinja2 filter in `base_debian.j2`. The source notes that a `bash_quote` filter already exists in the codebase but is only currently applied to environment variables, not `system_packages`.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-jfjg-vc52-wqvf","publishedAt":"2026-03-26T07:32:44.000Z","cveId":"CVE-2026-33744","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["bentoml@<= 1.4.36 (fixed: 1.4.37)"],"affectedVendors":[],"affectedVendorsRaw":["BentoML"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-03-26T07:32:44.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":["AML.T0010"]}}