CVE-2024-12760: BentoML Open Redirect vulnerability

March 20, 2025 (updated March 21, 2025)

An open redirect vulnerability in bentoml/bentoml v1.3.9 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft.

References

github.com/advisories/GHSA-564p-rx2q-4c8v
github.com/bentoml/BentoML
huntr.com/bounties/2a284ff6-cc6c-4a10-b72e-1bb31c842bca
nvd.nist.gov/vuln/detail/CVE-2024-12760

Code Behaviors & Features

Detect and mitigate CVE-2024-12760 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →