Home > Vulnerability Database > CVE-2024-9056

Mend.io Vulnerability Database

CVE-2024-9056

Good to know:

Date: March 20, 2025

BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) attack. The vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. This causes the server to continuously process each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service.

Severity Score

7.5

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-9056

Url: https://huntr.com/bounties/a24a13c2-0300-4a95-b26a-ac7fe8f6521b

Url: https://github.com/bentoml/BentoML/blob/v1.4.5/src/bentoml/_internal/io_descriptors/file.py#L293C9-L293C66

Url: https://github.com/bentoml/BentoML

Url: https://github.com/bentoml/BentoML/blob/a6f5f937be6ec278f3d4f3bbc6f3c8f9564820d7/src/bentoml/_internal/io_descriptors/file.py#L293

Url: https://www.mend.io/vulnerability-database/CVE-2024-9056

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-9056

Good to know:

Date: March 20, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?