


Perceptive Security
SOC/SIEM Consultancy

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the Dockerfile generation function g…
Published:
5 April 2026 at 22:00:00
Alert date:
6 April 2026 at 19:03:35
Source:
nvd.nist.gov
Supply Chain & Dependencies, Web Technologies, Emerging Technologies
The BentoML Python library contains a critical vulnerability in versions prior to 1.4.38: the Dockerfile generation function uses an unsandboxed jinja2.Environment. Attackers can exploit this by getting a victim to import a malicious bento archive that contains Jinja2 template code. When the victim runs 'bentoml containerize', the malicious template executes arbitrary Python code on the host machine. Because the code runs on the host rather than inside the container being built, the vulnerability bypasses container isolation and allows complete host compromise. The issue affects AI applications using BentoML for model serving and has been fixed in version 1.4.38.
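The difference between an unsandboxed and a sandboxed Jinja2 environment, as an added example that is not BentoML's code and makes no claim about how the 1.4.38 fix is implemented. The template text, the `base_image` variable and the `render_dockerfile` helper are constructed for illustration; the template contains only a harmless introspection probe.

```python
from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment

# Constructed sample: a Dockerfile template as it might arrive inside an
# untrusted archive. The second expression is a harmless probe that reaches
# a Python internal (__class__) from inside the template.
UNTRUSTED_TEMPLATE = (
    "FROM {{ base_image }}\n"
    'LABEL probe="{{ base_image.__class__.__name__ }}"\n'
)


def render_dockerfile(template_src, sandboxed):
    """Render template_src and return (status, text).

    status is "rendered" when the template ran to completion and "blocked"
    when the sandbox refused an unsafe attribute access.
    """
    env = SandboxedEnvironment() if sandboxed else Environment()
    try:
        text = env.from_string(template_src).render(base_image="python:3.11-slim")
    except SecurityError as exc:
        return "blocked", str(exc)
    return "rendered", text


if __name__ == "__main__":
    for sandboxed in (False, True):
        status, text = render_dockerfile(UNTRUSTED_TEMPLATE, sandboxed)
        print(f"sandboxed={sandboxed}: {status}\n{text}\n")
```

The plain `Environment` lets the template walk into Python object internals, which is the property an attacker-supplied template relies on; the `SandboxedEnvironment` rejects that access while still rendering ordinary variable substitution.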
Technical details
Affected products:
BentoML
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-35044
https://github.com/bentoml/BentoML/security/advisories/GHSA-v959-cwq9-7hr6
This article was created with the assistance of AI technology by Perceptive.
