BentoML Open Redirect vulnerability

GHSA-564p-rx2q-4c8v

Published Mar 20, 2025 · Modified Apr 15, 2025

Description

An open redirect vulnerability in bentoml/bentoml v1.3.9 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-4940
PACKAGE https://github.com/bentoml/BentoML
WEB https://huntr.com/bounties/2a284ff6-cc6c-4a10-b72e-1bb31c842bca
WEB https://huntr.com/bounties/35aaea93-6895-4f03-9c1b-cd992665aa60

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes