GHSA-564p-rx2q-4c8v: BentoML Open Redirect vulnerability

March 20, 2025 (updated April 15, 2025)

An open redirect vulnerability in bentoml/bentoml v1.3.9 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft.

References

github.com/advisories/GHSA-564p-rx2q-4c8v
github.com/bentoml/BentoML
huntr.com/bounties/2a284ff6-cc6c-4a10-b72e-1bb31c842bca
huntr.com/bounties/35aaea93-6895-4f03-9c1b-cd992665aa60
nvd.nist.gov/vuln/detail/CVE-2024-4940

Code Behaviors & Features

Detect and mitigate GHSA-564p-rx2q-4c8v with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →