CVE-2024-2912

10.0 CRITICAL

📋 TL;DR

This CVE describes a critical insecure deserialization vulnerability in BentoML that allows remote attackers to execute arbitrary commands on servers by sending specially crafted POST requests. Any system running vulnerable BentoML versions with exposed endpoints is affected. Attackers can achieve full server compromise through this remote code execution flaw.

💻 Affected Systems

Products:
  • BentoML
Versions: Versions before the fix commit fd70379733c57c6368cc022ac1f841b7b426db7b
Operating Systems: All operating systems running BentoML
Default Config Vulnerable: ⚠️ Yes
Notes: Any BentoML endpoint accepting POST requests is vulnerable. The vulnerability exists in the deserialization mechanism.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete server takeover, data exfiltration, lateral movement to other systems, and persistent backdoor installation.

🟠 Likely Case: Server compromise leading to data theft, cryptocurrency mining, or ransomware deployment.

🟢 If Mitigated: Limited impact with proper network segmentation and endpoint protection, though RCE is still possible.

🌐 Internet-Facing: HIGH - Directly exploitable via HTTP requests without authentication.
🏢 Internal Only: HIGH - Internal attackers or compromised internal systems can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending a crafted serialized object to any valid BentoML endpoint via POST request.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version containing commit fd70379733c57c6368cc022ac1f841b7b426db7b

Vendor Advisory: https://github.com/bentoml/bentoml/commit/fd70379733c57c6368cc022ac1f841b7b426db7b

Restart Required: Yes

Instructions:

  1. Update BentoML to the latest version containing the security fix.
  2. Restart all BentoML services.
  3. Verify the fix by checking the version and testing endpoints.

🔧 Temporary Workarounds

Network Access Control (Linux)

Restrict access to BentoML endpoints using firewall rules or network segmentation.

iptables -A INPUT -p tcp --dport <bentoml_port> -s <allowed_ips> -j ACCEPT
iptables -A INPUT -p tcp --dport <bentoml_port> -j DROP

Web Application Firewall (all platforms)

Deploy WAF rules to block serialized object patterns in POST requests.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate BentoML instances from sensitive systems
  • Deploy runtime application self-protection (RASP) or endpoint detection and response (EDR) to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check if BentoML version is before the fix commit fd70379733c57c6368cc022ac1f841b7b426db7b. Review application logs for suspicious POST requests with serialized objects.

Check Version:

python -c "import bentoml; print(bentoml.__version__)"

Verify Fix Applied:

Verify BentoML version includes the security fix commit. Test endpoints with safe payloads to ensure proper deserialization handling.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to BentoML endpoints
  • Serialized object patterns in request bodies
  • Unexpected process execution or command execution

Network Indicators:

  • POST requests containing serialized object patterns to BentoML ports
  • Unusual outbound connections from BentoML servers

SIEM Query:

source="bentoml" AND (method="POST" AND (body="*pickle*" OR body="*serialized*" OR body="*__reduce__*"))
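
Added example (not from the original page or the BentoML project): a pickle stream is binary and need not contain the literal strings the query above matches, so a body check is more reliable when it decodes the opcodes. This sketch uses Python's `pickletools.genops`, which never unpickles anything; `ALLOWED_GLOBALS`, `pickle_globals`, `classify` and the sample bodies are constructed for illustration.

```python
import datetime
import pickle
import pickletools

# Assumption: globals this service's legitimate clients may send; tune per deployment.
ALLOWED_GLOBALS = {("datetime", "date")}
NO_STACK_EFFECT = {"PROTO", "FRAME", "MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}

def pickle_globals(body: bytes):
    """Return the (module, name) pairs a pickle stream would import, or None
    if the bytes are not a well-formed pickle. Nothing is unpickled:
    pickletools.genops only decodes opcodes."""
    found, recent = set(), []      # recent: rough model of the top of the stack
    try:
        for op, arg, _pos in pickletools.genops(body):
            if op.name in ("GLOBAL", "INST"):       # arg is "module name"
                found.add(tuple(arg.split(" ", 1)))
                recent.append(None)
            elif op.name == "STACK_GLOBAL":         # module and name come off the stack
                pair = tuple(recent[-2:])
                known = len(pair) == 2 and all(isinstance(s, str) for s in pair)
                found.add(pair if known else ("?", "?"))  # unresolved: never allowlisted
                recent.append(None)
            elif "UNICODE" in op.name or "STRING" in op.name:
                recent.append(arg)
            elif op.name not in NO_STACK_EFFECT:
                recent.append(None)
    except Exception:              # unknown opcode, truncated stream, bad argument
        return None
    return found

def classify(body: bytes) -> str:
    refs = pickle_globals(body)
    if refs is None:
        return "not-pickle"
    # Any pickle body is worth logging; globals outside the allowlist raise an alert.
    return "alert" if refs - ALLOWED_GLOBALS else "pickle-allowlisted"

# Constructed sample request bodies (not captured traffic).
SAMPLES = {
    "json": b'{"input": [1, 2, 3]}',
    "plain-data": pickle.dumps({"input": [1, 2, 3]}, protocol=4),
    "date": pickle.dumps(datetime.date(2024, 1, 1), protocol=4),
    "callable-ref": pickle.dumps(len, protocol=4),  # harmless stand-in for an unexpected global
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(f"{label:13} {classify(body)}")
```

A truncated or malformed stream is reported as `not-pickle`, so pair this check with the process-execution and outbound-connection indicators listed above rather than relying on it alone.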
