{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-25T10:07:58.853","vulnerabilities":[{"cve":{"id":"CVE-2026-33744","sourceIdentifier":"security-advisories@github.com","published":"2026-03-27T01:16:21.007","lastModified":"2026-06-17T10:38:01.490","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the `docker.system_packages` field in `bentofile.yaml` accepts arbitrary strings that are interpolated directly into Dockerfile `RUN` commands without sanitization. Since `system_packages` is semantically a list of OS package names (data), users do not expect values to be interpreted as shell commands. A malicious `bentofile.yaml` achieves arbitrary command execution during `bentoml containerize` / `docker build`. Version 1.4.37 fixes the issue."},{"lang":"es","value":"BentoML es una biblioteca de Python para construir sistemas de servicio en línea optimizados para aplicaciones de IA e inferencia de modelos. Antes de la versión 1.4.37, el campo 'docker.system_packages' en 'bentofile.yaml' aceptaba cadenas arbitrarias que se interpolaban directamente en los comandos 'RUN' de Dockerfile sin sanitización. Dado que 'system_packages' es semánticamente una lista de nombres de paquetes del sistema operativo (datos), los usuarios no esperan que los valores se interpreten como comandos de shell. Un 'bentofile.yaml' malicioso logra la ejecución arbitraria de comandos durante 'bentoml containerize' / 'docker build'. La versión 1.4.37 corrige el problema."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"bentoml","product":"BentoML","versions":[{"version":"< 1.4.37","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-27T20:01:10.256531Z","id":"CVE-2026-33744","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bentoml:bentoml:*:*:*:*:*:*:*:*","versionEndExcluding":"1.4.37","matchCriteriaId":"C913A594-9EEC-40AC-A218-6FEA1F57E614"}]}]}],"references":[{"url":"https://github.com/bentoml/BentoML/security/advisories/GHSA-jfjg-vc52-wqvf","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]}]}}]}