GHSA-m6w7-qv66-g3mf: BentoML Vulnerable to Arbitrary File Write via Symlink Path Traversal in Tar Extraction
Summary
BentoML's `safe_extract_tarfile()` function has a security flaw: it validates that the *path* of each symlink member (a link that points to another file) lies within the extraction directory, but it does not validate where the symlink's *target* points. An attacker can craft a tar file containing a symlink whose target is outside the extraction directory, followed by a regular file whose path passes through that symlink; when the archive is extracted, the file is written through the link, allowing a write to an arbitrary location on the system. This vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 8.1 (High).
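The check the advisory describes as missing is the one on the symlink's target, resolved from the directory that contains the link. The following is an added example of a hardened extractor, not BentoML's code: the function names (`check_member`, `audit_tar`, `safe_extract_tarfile`), the destination path `/opt/bento/extract` and the two constructed sample archives are assumptions. It validates member names, symlink targets, hard-link targets and device members lexically, fails closed on the first unsafe member rather than skipping it, and, as a second layer, resolves each regular file's parent directory with `realpath` just before writing so that a file routed through an already-extracted symlink cannot leave the destination.

```python
"""Hardened tar extraction: reject members that would write, or point a link,
outside the destination. Added example, not BentoML's code."""
import io
import os
import tarfile
import tempfile


class UnsafeTarMember(Exception):
    """A member would write, or point a link, outside the destination."""


def is_inside(base: str, path: str) -> bool:
    """True if normalised `path` equals `base` or lies beneath it."""
    return path == base or path.startswith(base.rstrip(os.sep) + os.sep)


def check_member(member: tarfile.TarInfo, dest: str) -> str:
    """Lexically validate one member and return its extraction path.

    Order of checks: the member name, then the symlink target resolved from
    the link's own directory (this is the check the advisory says is missing),
    then the hard-link target resolved from the archive root.
    """
    dest = os.path.normpath(dest)
    if os.path.isabs(member.name):
        raise UnsafeTarMember(f"absolute name: {member.name!r}")
    target = os.path.normpath(os.path.join(dest, member.name))
    if not is_inside(dest, target):
        raise UnsafeTarMember(f"name escapes destination: {member.name!r}")
    if member.isdev():
        raise UnsafeTarMember(f"device or FIFO member: {member.name!r}")
    if member.issym():
        if os.path.isabs(member.linkname):
            raise UnsafeTarMember(f"absolute symlink target: {member.name!r} -> {member.linkname!r}")
        link_target = os.path.normpath(os.path.join(os.path.dirname(target), member.linkname))
        if not is_inside(dest, link_target):
            raise UnsafeTarMember(f"symlink escapes destination: {member.name!r} -> {member.linkname!r}")
    elif member.islnk():
        link_target = os.path.normpath(os.path.join(dest, member.linkname))
        if not is_inside(dest, link_target):
            raise UnsafeTarMember(f"hard link escapes destination: {member.name!r} -> {member.linkname!r}")
    return target


def audit_tar(tar_bytes: bytes, dest: str = "/opt/bento/extract") -> list[str]:
    """Return one reason per lexically unsafe member without touching the disk."""
    problems = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            try:
                check_member(member, dest)
            except UnsafeTarMember as exc:
                problems.append(str(exc))
    return problems


def safe_extract_tarfile(tar_bytes: bytes, dest: str) -> list[str]:
    """Extract into `dest`, failing closed on the first unsafe member.

    Members are checked and written one at a time. Before a regular file or
    directory is written, its parent is resolved with realpath so that a path
    routed through a symlink extracted earlier cannot leave `dest`.
    """
    dest = os.path.realpath(dest)
    os.makedirs(dest, exist_ok=True)
    written = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            target = check_member(member, dest)
            if member.isreg() or member.isdir():
                parent = os.path.realpath(os.path.dirname(target))
                if not is_inside(dest, parent):
                    raise UnsafeTarMember(f"parent resolves outside destination: {member.name!r}")
            if hasattr(tarfile, "data_filter"):  # Python 3.12+ (and backports): stack the stdlib filter too
                tar.extract(member, dest, filter="data")
            else:
                tar.extract(member, dest)
            written.append(target)
    return written


def _add_file(tar: tarfile.TarFile, name: str, data: bytes) -> None:
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))


def _add_symlink(tar: tarfile.TarFile, name: str, linkname: str) -> None:
    info = tarfile.TarInfo(name)
    info.type = tarfile.SYMTYPE
    info.linkname = linkname
    tar.addfile(info)


def build_demo_archive(malicious: bool) -> bytes:
    """Constructed sample archive (not a real BentoML bundle)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        _add_file(tar, "bento/bento.yaml", b"name: demo\n")
        if malicious:
            # Link name is inside the bundle, link target is not; a regular
            # file routed through the link follows, as the advisory describes.
            _add_symlink(tar, "bento/out", "../../../../tmp/escaped")
            _add_file(tar, "bento/out/marker", b"routed through the link\n")
        else:
            _add_symlink(tar, "bento/latest", "bento.yaml")  # stays inside the bundle
    return buf.getvalue()


if __name__ == "__main__":
    print("clean archive problems:", audit_tar(build_demo_archive(malicious=False)))
    print("malicious archive problems:", audit_tar(build_demo_archive(malicious=True)))
    with tempfile.TemporaryDirectory() as tmp:
        print("extracted:", safe_extract_tarfile(build_demo_archive(malicious=False), tmp))
        try:
            safe_extract_tarfile(build_demo_archive(malicious=True), tmp)
        except UnsafeTarMember as exc:
            print("rejected:", exc)
```

Note that the lexical audit flags only the symlink member; the regular file behind it looks harmless on its own, which is why the extractor must reject the whole archive at the first unsafe member instead of skipping it, and why the `realpath` check on the parent directory is kept as a second layer. On Python 3.12 and later (and the security backports to 3.8.17, 3.9.17, 3.10.12 and 3.11.4) the standard library's `filter="data"` performs the same symlink-target and absolute-path rejections; the function stacks it when available so the two checks back each other up.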
Vulnerability Details
EPSS: 0.0%
Original source: https://github.com/advisories/GHSA-m6w7-qv66-g3mf
First tracked: March 3, 2026 at 03:00 PM
Classified by LLM (prompt v3) · confidence: 95%