| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| bentoml | pip | < 1.2.5 | 1.2.5 |
The vulnerability stems from improper media type validation during deserialization. The patch adds a check in ServiceAppFactory.api_endpoint that explicitly rejects the 'application/vnd.bentoml+pickle' media type for the main service. Before this fix, the endpoint accepted pickle-serialized objects, which are inherently unsafe because Python's pickle module can execute arbitrary code during deserialization. The vulnerability description (RCE via crafted POST requests) matches the media type validation added in this function, which confirms that this is the location of the flaw and of its fix.
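The following is an added example of the defensive pattern the patch describes, not BentoML's own code: the function names, the allowlist of safe media types and the sample request are assumptions. It normalises the Content-Type header before comparing it, so that case or parameter variants of the pickle media type cannot bypass a literal string check, and it goes one step beyond the page's single check by treating any `+pickle` structured suffix and any unknown media type as rejected.

```python
"""Content-Type gate run before any request body is deserialized."""
import json

# The media type the patch described above refuses on the main service.
PICKLE_MEDIA_TYPE = "application/vnd.bentoml+pickle"

# Assumed allowlist: only media types whose decoders cannot run code.
SAFE_MEDIA_TYPES = {"application/json", "text/plain"}


class UnsupportedMediaType(Exception):
    """Raised when a request carries a media type we refuse to decode."""


def media_type_essence(content_type: str) -> str:
    """Reduce 'Type/Subtype ; charset=utf-8' to 'type/subtype'.

    Parameters, surrounding whitespace and letter case are dropped so that
    trivially different spellings of the same media type compare equal.
    """
    return content_type.split(";", 1)[0].strip().lower()


def is_safe_media_type(content_type: str) -> bool:
    """True only for media types on the allowlist; pickle is always refused."""
    essence = media_type_essence(content_type)
    # Explicit deny of the pickle type (the check the patch adds), widened
    # to any '+pickle' structured suffix, then an allowlist for the rest.
    if essence == PICKLE_MEDIA_TYPE or essence.endswith("+pickle"):
        return False
    return essence in SAFE_MEDIA_TYPES


def deserialize_request(content_type: str, body: bytes):
    """Decode a request body, but only after the media type has passed the gate."""
    if not is_safe_media_type(content_type):
        raise UnsupportedMediaType(f"refusing media type {content_type!r}")
    if media_type_essence(content_type) == "application/json":
        return json.loads(body)
    return body.decode("utf-8")


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for ctype, body in [
        ("application/json; charset=utf-8", b'{"input": [1, 2, 3]}'),
        ("Application/VND.BentoML+Pickle", b"\x80\x04..."),
    ]:
        try:
            print(ctype, "->", deserialize_request(ctype, body))
        except UnsupportedMediaType as exc:
            print(ctype, "-> rejected:", exc)
```
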