BentoML Remote Code Execution Vulnerability Due to Insecure Deserialization

Vulnerability

A remote code execution vulnerability has been identified in BentoML versions from 1.3.4 up to, but not including, 1.4.3. It arises from insecure deserialization and allows any unauthenticated user to execute arbitrary code on the server. The issue is rooted in an unsafe code segment within 'serde.py', where the deserialization process lacks proper validation, so maliciously crafted serialized data is executed when it is unpickled.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where BentoML is running.

Reproduction

To reproduce this vulnerability, set up a BentoML service that uses the 'application/vnd.bentoml+pickle' media type. After deploying the service, send a POST request with a payload that includes maliciously crafted pickle data. The crafted data should exploit the deserialization process by, for example, using a payload that executes a command via the operating system.

Remediation

Users can upgrade to BentoML version 1.4.3, where this vulnerability has been fixed.
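As an added, defensive example (not BentoML's code and not the fixed 'serde.py'): the validation the vulnerable deserializer was missing can be expressed as a restricted unpickler whose find_class refuses any global not on an allowlist, so a payload that names a callable is rejected before it can run. The allowlist and the two sample payloads are constructed for illustration only.

```python
import io
import os
import pickle

# Only the globals a plain-data inference payload could legitimately need.
# Anything else (os.system, subprocess.Popen, builtins.eval, ...) is refused
# before the unpickler can call it. Hypothetical allowlist for illustration.
ALLOWED_GLOBALS = {
    ("builtins", "dict"),
    ("builtins", "list"),
    ("builtins", "set"),
    ("builtins", "frozenset"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted globals.

    find_class is the hook pickle uses for every GLOBAL / STACK_GLOBAL
    reference, which is what a code-execution payload relies on; refusing
    unknown names here is the validation step the vulnerable path lacked.
    """

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing global {module}.{name} in untrusted pickle"
        )


def safe_loads(data: bytes):
    """Deserialize an untrusted pickle payload with the restricted unpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_payload_accepted(data: bytes) -> bool:
    """True if the payload deserializes under the allowlist, False if refused."""
    try:
        safe_loads(data)
        return True
    except pickle.UnpicklingError:
        return False


# Constructed sample inputs: a benign request made of plain data, and one that
# references a callable (os.getcwd stands in for whatever an attacker names).
BENIGN_PAYLOAD = pickle.dumps({"features": [0.5, 1.25, -3.0], "top_k": 3})
CALLABLE_PAYLOAD = pickle.dumps(os.getcwd)
```

Rejecting at find_class is stronger than inspecting the bytes afterwards, because the refused global is never imported or called; pairing it with a plain-data media type such as JSON for untrusted clients removes the pickle path altogether.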

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.2
impact: 7.5
exploitability: 9.5
remediation: 7.7
relevance: 0.0
threat: 7.9
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.