PT-2025-12263 · Bentoml · Bentoml

Published: 2025-03-20

Updated: 2025-03-20

CVE-2024-9056

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

BentoML version v1.3.4post1

Description

The issue is a Denial of Service (DoS) vulnerability that can be triggered by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server then processes each appended character one at a time, consuming excessive resources and rendering the service unavailable. The issue requires no authentication and no user interaction, and it affects all users of the service.

Recommendations

For BentoML version v1.3.4post1, consider restricting access to the HTTP request processing module to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using multipart boundaries in HTTP requests that may be vulnerable to this issue.

Fix

DoS

Allocation of Resources Without Limits

Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2024-9056
GHSA-HW8J-HW49-752C

Affected Products

Bentoml