PT-2025-12143 · Bentoml · Bentoml

Published 2025-03-20 · Updated 2025-03-21 · CVE-2024-12760

CVSS v3.1 6.1 Medium
Vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions bentoml/bentoml version 1.3.9
Description An open redirect in bentoml/bentoml 1.3.9 allows a remote, unauthenticated attacker to send a user who follows a specially crafted URL to an arbitrary external website. Because the link appears to point at the trusted host, it can be used for phishing, malware distribution and credential theft.
Recommendations For bentoml/bentoml version 1.3.9, as a temporary workaround validate any user-supplied URL before redirecting to it: accept only absolute paths on the same origin or URLs whose host is on an explicit allowlist, and reject everything else, including protocol-relative forms such as //host. Restrict access to endpoints that redirect based on user-supplied URLs to reduce exposure. At the time of writing, no newer version containing a fix for this vulnerability is known.
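The following is an added example of the URL validation recommended above; it is not BentoML's own code and does not reproduce the vulnerable endpoint. It assumes the redirect target arrives as a string (for instance from a ?next= query parameter) and that the allowlisted host name is a deployment-specific value; it uses only the Python standard library.

```python
from urllib.parse import urlsplit, urlunsplit

# Hosts this deployment may redirect to besides itself. Assumed value for the
# example; an empty set means only same-origin relative paths are accepted.
# Entries are assumed to be DNS names, not bracketed IPv6 literals.
ALLOWED_HOSTS = {"bento.example.internal"}


def safe_redirect_target(next_url, fallback="/"):
    """Return a redirect target that cannot leave the application.

    Accepted: an absolute path on this origin ("/dashboard?x=1"), or an
    http(s) URL whose host is in ALLOWED_HOSTS. Everything else returns
    `fallback`: other hosts, protocol-relative "//evil.com", backslash
    variants, non-http schemes such as "javascript:", and control characters.
    """
    if not isinstance(next_url, str):
        return fallback
    candidate = next_url.strip()
    if not candidate:
        return fallback
    # Check for control characters *before* parsing: recent urllib versions
    # silently strip tab and newline, which would hide "/\t/evil.com" from us.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in candidate):
        return fallback
    # Browsers parse "\" as "/" in http(s) URLs, so "\\evil.com" and
    # "/\evil.com" behave like "//evil.com". Normalise before inspecting.
    candidate = candidate.replace("\\", "/")

    parts = urlsplit(candidate)

    if parts.scheme:
        # Absolute URL: only http(s), only allowlisted hosts, rebuilt from the
        # parsed host and port so userinfo ("evil.com@good.host") is dropped.
        scheme = parts.scheme.lower()
        if scheme not in ("http", "https"):
            return fallback
        host = parts.hostname  # already lower-cased by urlsplit
        if host is None or host not in ALLOWED_HOSTS:
            return fallback
        try:
            port = parts.port
        except ValueError:  # non-numeric or out-of-range port
            return fallback
        netloc = host if port is None else f"{host}:{port}"
        return urlunsplit((scheme, netloc, parts.path or "/", parts.query, ""))

    if parts.netloc:
        # Protocol-relative "//evil.com/..." would leave the origin.
        return fallback

    # Relative URL: require exactly one leading "/" so "///evil.com", which
    # browsers also treat as an authority, is rejected. Fragments are dropped.
    path = parts.path
    if not path.startswith("/") or path.startswith("//"):
        return fallback
    return urlunsplit(("", "", path, parts.query, ""))


if __name__ == "__main__":
    # Constructed sample inputs, as an attacker might place in a ?next= parameter.
    for sample in ["/dashboard?x=1", "//evil.com/x", "/\\evil.com",
                   "javascript:alert(1)", "https://evil.com/",
                   "http://evil.com@bento.example.internal/ok"]:
        print(f"{sample!r:45} -> {safe_redirect_target(sample)!r}")
```

Call safe_redirect_target() on the raw parameter and redirect to its return value only; never pass the original string through. The check is done on the normalised string rather than by prefix-matching the raw input, because "/\evil.com", "///evil.com" and a URL containing a tab all look like same-origin paths to a naive startswith("/") test while browsers treat them as a different host.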

Weakness Enumeration

Open Redirect

Related Identifiers

CVE-2024-12760
GHSA-564P-RX2Q-4C8V

Affected Products

Bentoml