CVE-2024-9056: BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) attack. The vulnerability can be exploited by app
Summary
BentoML version v1.3.4post1 has a vulnerability that allows attackers to cause a denial of service (DoS, making a service unavailable by overwhelming it with requests) by adding extra characters like dashes to the end of a multipart boundary (the delimiter that separates different parts of an HTTP request). This causes the server to waste resources processing these characters repeatedly, and since it requires no authentication or user interaction, it affects all users of the service.
Vulnerability Details
EPSS: 0.2%
Classification
Affected Vendors
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-9056
First tracked: February 15, 2026 at 08:45 PM
Classified by LLM (prompt v3) · confidence: 92%