[repro] 2026-01-07 20:53:14 - Installing dependencies (bentoml vulnerable range and requests)
[repro] 2026-01-07 20:53:53 - Installed: bentoml 1.4.2
[repro] 2026-01-07 20:53:53 - Starting BentoML service on 127.0.0.1:3000
[repro] 2026-01-07 20:53:53 - Server started with pid 3088
[repro] 2026-01-07 20:53:53 - Waiting for server to become ready...
[repro] 2026-01-07 20:53:58 - Server is responding on /
[repro] 2026-01-07 20:55:25 - Killing existing server pid=3088
[repro] 2026-01-07 20:55:27 - Installing dependencies (bentoml vulnerable range and requests)
[repro] 2026-01-07 20:55:33 - Installed: bentoml 1.4.2
[repro] 2026-01-07 20:55:33 - Starting BentoML service on 127.0.0.1:3000
[repro] 2026-01-07 20:55:33 - Server started with pid 3239
[repro] 2026-01-07 20:55:33 - Waiting for server to become ready...
[repro] 2026-01-07 20:55:37 - Server is responding on /
[repro] 2026-01-07 20:55:37 - Attempt 1: sending malicious pickle with marker RCE_ATTEMPT_1_1767819337373405446
[repro] 2026-01-07 20:55:39 - Attempt 2: sending malicious pickle with marker RCE_ATTEMPT_2_1767819337373405446
[repro] 2026-01-07 20:55:40 - Attempt 3: sending malicious pickle with marker RCE_ATTEMPT_3_1767819337373405446
[repro] 2026-01-07 20:55:42 - Server log tail:
[server] 2026-01-07T20:55:35+0000 [INFO] [cli] Starting production HTTP BentoServer from "service:Summarization" listening on http://127.0.0.1:3000 (Press CTRL+C to quit)
[server] 2026-01-07T20:55:37+0000 [INFO] [entry_service:Summarization:1] Service Summarization initialized
[server] 2026-01-07T20:55:37+0000 [INFO] [entry_service:Summarization:1] 127.0.0.1:26405 (scheme=http,method=GET,path=/,type=,length=) (status=200,type=text/html; charset=utf-8,length=2945) 12.392ms (trace=d8058bb56fd401c2eb8de48a880408b0,span=2cc131b689c03308,sampled=0,service.name=None)
[server] nvm
[server] 2026-01-07T20:55:38+0000 [ERROR] [entry_service:Summarization:1] Exception on /summarize [POST] (trace=c31fdf8c14e7026bb8698cf54f510e22,span=205d36dc0edc2730,sampled=0,service.name=None)
[server] Traceback (most recent call last):
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 599, in api_endpoint_wrapper
[server]     resp = await self.api_endpoint(name, request)
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 654, in api_endpoint
[server]     input_data = await method.input_spec.from_http_request(request, serde)
[server]                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_sdk/io_models.py", line 213, in from_http_request
[server]     return await serde.parse_request(request, t.cast(t.Type[IODescriptor], cls))
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 74, in parse_request
[server]     return self.deserialize_model(
[server]            ^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 240, in deserialize_model
[server]     obj = cls.model_validate(obj)
[server]           ^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/pydantic/main.py", line 716, in model_validate
[server]     return cls.__pydantic_validator__.validate_python(
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server] pydantic_core._pydantic_core.ValidationError: 1 validation error for Input
[server]   Input should be a valid dictionary or instance of Input [type=model_type, input_value=0, input_type=int]
[server]     For further information visit https://errors.pydantic.dev/2.12/v/model_type
[server] 2026-01-07T20:55:38+0000 [INFO] [entry_service:Summarization:1] 127.0.0.1:54386 (scheme=http,method=POST,path=/summarize,type=application/vnd.bentoml+pickle,length=173) (status=400,type=application/json,length=200) 492.737ms (trace=c31fdf8c14e7026bb8698cf54f510e22,span=205d36dc0edc2730,sampled=0,service.name=None)
[server] nvm
[server] 2026-01-07T20:55:39+0000 [ERROR] [entry_service:Summarization:1] Exception on /summarize [POST] (trace=99fa3cb1676099a30c9fe4de37f38b3d,span=4823c404ca103004,sampled=0,service.name=None)
[server] Traceback (most recent call last):
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 599, in api_endpoint_wrapper
[server]     resp = await self.api_endpoint(name, request)
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 654, in api_endpoint
[server]     input_data = await method.input_spec.from_http_request(request, serde)
[server]                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_sdk/io_models.py", line 213, in from_http_request
[server]     return await serde.parse_request(request, t.cast(t.Type[IODescriptor], cls))
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 74, in parse_request
[server]     return self.deserialize_model(
[server]            ^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 240, in deserialize_model
[server]     obj = cls.model_validate(obj)
[server]           ^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/pydantic/main.py", line 716, in model_validate
[server]     return cls.__pydantic_validator__.validate_python(
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server] pydantic_core._pydantic_core.ValidationError: 1 validation error for Input
[server]   Input should be a valid dictionary or instance of Input [type=model_type, input_value=0, input_type=int]
[server]     For further information visit https://errors.pydantic.dev/2.12/v/model_type
[server] 2026-01-07T20:55:39+0000 [INFO] [entry_service:Summarization:1] 127.0.0.1:22092 (scheme=http,method=POST,path=/summarize,type=application/vnd.bentoml+pickle,length=182) (status=400,type=application/json,length=200) 452.327ms (trace=99fa3cb1676099a30c9fe4de37f38b3d,span=4823c404ca103004,sampled=0,service.name=None)
[server] 2026-01-07T20:55:41+0000 [ERROR] [entry_service:Summarization:1] Exception on /summarize [POST] (trace=3e888276afc84c30f243540420a4bffb,span=62538b7480aa6e5a,sampled=0,service.name=None)
[server] Traceback (most recent call last):
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 599, in api_endpoint_wrapper
[server]     resp = await self.api_endpoint(name, request)
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 654, in api_endpoint
[server]     input_data = await method.input_spec.from_http_request(request, serde)
[server]                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_sdk/io_models.py", line 213, in from_http_request
[server]     return await serde.parse_request(request, t.cast(t.Type[IODescriptor], cls))
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 74, in parse_request
[server]     return self.deserialize_model(
[server]            ^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 240, in deserialize_model
[server]     obj = cls.model_validate(obj)
[server]           ^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/pydantic/main.py", line 716, in model_validate
[server]     return cls.__pydantic_validator__.validate_python(
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server] pydantic_core._pydantic_core.ValidationError: 1 validation error for Input
[server]   Input should be a valid dictionary or instance of Input [type=model_type, input_value=<os._wrap_close object at 0x7efb98ca9250>, input_type=_wrap_close]
[server]     For further information visit https://errors.pydantic.dev/2.12/v/model_type
[server] 2026-01-07T20:55:41+0000 [INFO] [entry_service:Summarization:1] 127.0.0.1:61301 (scheme=http,method=POST,path=/summarize,type=application/vnd.bentoml+pickle,length=169) (status=400,type=application/json,length=200) 4.618ms (trace=3e888276afc84c30f243540420a4bffb,span=62538b7480aa6e5a,sampled=0,service.name=None)
[repro] 2026-01-07 20:55:42 - SUCCESS: Insecure deserialization RCE reproduced. Proof file: /root/.pruva/runs/ghsa-33xw-247w-6hmc_20260107-204845/bundle/logs/rce_proof.txt
[repro] 2026-01-07 20:55:44 - Killing existing server pid=3239
[repro] 2026-01-07 20:57:56 - Installing dependencies (bentoml vulnerable range and requests)
[repro] 2026-01-07 20:58:02 - Installed: bentoml 1.4.2
[repro] 2026-01-07 20:58:02 - Starting BentoML service on 127.0.0.1:3000
[repro] 2026-01-07 20:58:02 - Server started with pid 3683
[repro] 2026-01-07 20:58:02 - Waiting for server to become ready...
[repro] 2026-01-07 20:58:06 - Server is responding on /
[repro] 2026-01-07 20:58:06 - Attempt 1: sending malicious pickle with marker RCE_ATTEMPT_1_1767819486581945780
[repro] 2026-01-07 20:58:08 - Attempt 2: sending malicious pickle with marker RCE_ATTEMPT_2_1767819486581945780
[repro] 2026-01-07 20:58:10 - Attempt 3: sending malicious pickle with marker RCE_ATTEMPT_3_1767819486581945780
[repro] 2026-01-07 20:58:11 - Server log tail:
[server] 2026-01-07T20:58:04+0000 [INFO] [cli] Starting production HTTP BentoServer from "service:Summarization" listening on http://127.0.0.1:3000 (Press CTRL+C to quit)
[server] 2026-01-07T20:58:06+0000 [INFO] [entry_service:Summarization:1] Service Summarization initialized
[server] 2026-01-07T20:58:06+0000 [INFO] [entry_service:Summarization:1] 127.0.0.1:65133 (scheme=http,method=GET,path=/,type=,length=) (status=200,type=text/html; charset=utf-8,length=2945) 12.388ms (trace=2766e6babe959bb8078c4900eefaaa04,span=14c85e86fabe4a4d,sampled=0,service.name=None)
[server] nvm
[server] 2026-01-07T20:58:07+0000 [ERROR] [entry_service:Summarization:1] Exception on /summarize [POST] (trace=3ab4ec2adc63573b3fb5846a11cac946,span=4795a385dd4f2b89,sampled=0,service.name=None)
[server] Traceback (most recent call last):
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 599, in api_endpoint_wrapper
[server]     resp = await self.api_endpoint(name, request)
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 654, in api_endpoint
[server]     input_data = await method.input_spec.from_http_request(request, serde)
[server]                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_sdk/io_models.py", line 213, in from_http_request
[server]     return await serde.parse_request(request, t.cast(t.Type[IODescriptor], cls))
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 74, in parse_request
[server]     return self.deserialize_model(
[server]            ^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 240, in deserialize_model
[server]     obj = cls.model_validate(obj)
[server]           ^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/pydantic/main.py", line 716, in model_validate
[server]     return cls.__pydantic_validator__.validate_python(
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server] pydantic_core._pydantic_core.ValidationError: 1 validation error for Input
[server]   Input should be a valid dictionary or instance of Input [type=model_type, input_value=0, input_type=int]
[server]     For further information visit https://errors.pydantic.dev/2.12/v/model_type
[server] 2026-01-07T20:58:07+0000 [INFO] [entry_service:Summarization:1] 127.0.0.1:22608 (scheme=http,method=POST,path=/summarize,type=application/vnd.bentoml+pickle,length=173) (status=400,type=application/json,length=200) 465.070ms (trace=3ab4ec2adc63573b3fb5846a11cac946,span=4795a385dd4f2b89,sampled=0,service.name=None)
[server] nvm
[server] 2026-01-07T20:58:09+0000 [ERROR] [entry_service:Summarization:1] Exception on /summarize [POST] (trace=6a42334a69d31f8ba9d63ba45b7f1b38,span=c2a1a4c21e242600,sampled=0,service.name=None)
[server] Traceback (most recent call last):
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 599, in api_endpoint_wrapper
[server]     resp = await self.api_endpoint(name, request)
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 654, in api_endpoint
[server]     input_data = await method.input_spec.from_http_request(request, serde)
[server]                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_sdk/io_models.py", line 213, in from_http_request
[server]     return await serde.parse_request(request, t.cast(t.Type[IODescriptor], cls))
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 74, in parse_request
[server]     return self.deserialize_model(
[server]            ^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 240, in deserialize_model
[server]     obj = cls.model_validate(obj)
[server]           ^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/pydantic/main.py", line 716, in model_validate
[server]     return cls.__pydantic_validator__.validate_python(
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server] pydantic_core._pydantic_core.ValidationError: 1 validation error for Input
[server]   Input should be a valid dictionary or instance of Input [type=model_type, input_value=0, input_type=int]
[server]     For further information visit https://errors.pydantic.dev/2.12/v/model_type
[server] 2026-01-07T20:58:09+0000 [INFO] [entry_service:Summarization:1] 127.0.0.1:26270 (scheme=http,method=POST,path=/summarize,type=application/vnd.bentoml+pickle,length=182) (status=400,type=application/json,length=200) 458.481ms (trace=6a42334a69d31f8ba9d63ba45b7f1b38,span=c2a1a4c21e242600,sampled=0,service.name=None)
[server] 2026-01-07T20:58:10+0000 [ERROR] [entry_service:Summarization:1] Exception on /summarize [POST] (trace=2e4ba24fe55dfb9b92df0dc5a4f7531e,span=e388b0424ed2cef4,sampled=0,service.name=None)
[server] Traceback (most recent call last):
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 599, in api_endpoint_wrapper
[server]     resp = await self.api_endpoint(name, request)
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 654, in api_endpoint
[server]     input_data = await method.input_spec.from_http_request(request, serde)
[server]                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_sdk/io_models.py", line 213, in from_http_request
[server]     return await serde.parse_request(request, t.cast(t.Type[IODescriptor], cls))
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 74, in parse_request
[server]     return self.deserialize_model(
[server]            ^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 240, in deserialize_model
[server]     obj = cls.model_validate(obj)
[server]           ^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/pydantic/main.py", line 716, in model_validate
[server]     return cls.__pydantic_validator__.validate_python(
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server] pydantic_core._pydantic_core.ValidationError: 1 validation error for Input
[server]   Input should be a valid dictionary or instance of Input [type=model_type, input_value=<os._wrap_close object at 0x7ed65ad89250>, input_type=_wrap_close]
[server]     For further information visit https://errors.pydantic.dev/2.12/v/model_type
[server] 2026-01-07T20:58:10+0000 [INFO] [entry_service:Summarization:1] 127.0.0.1:44352 (scheme=http,method=POST,path=/summarize,type=application/vnd.bentoml+pickle,length=169) (status=400,type=application/json,length=200) 3.756ms (trace=2e4ba24fe55dfb9b92df0dc5a4f7531e,span=e388b0424ed2cef4,sampled=0,service.name=None)
[repro] 2026-01-07 20:58:11 - SUCCESS: Insecure deserialization RCE reproduced. Proof file: /root/.pruva/runs/ghsa-33xw-247w-6hmc_20260107-204845/bundle/logs/rce_proof.txt
[repro] 2026-01-07 20:58:13 - Killing existing server pid=3683
[repro] 2026-01-07 21:03:01 - Installing vulnerable bentoml range (<1.4.3) and requests
[repro] 2026-01-07 21:03:09 - Installed vulnerable bentoml: 1.4.2
[repro] 2026-01-07 21:03:09 - Starting BentoML service on 127.0.0.1:3000
[repro] 2026-01-07 21:03:09 - Server started with pid 5408
[repro] 2026-01-07 21:03:09 - Waiting for server on port 3000 to become ready...
[repro] 2026-01-07 21:03:13 - Server on 3000 is responding
[repro] 2026-01-07 21:03:13 - Attempt 1: sending malicious pickle with marker RCE_ATTEMPT_1_1767819793772764364
[repro] 2026-01-07 21:03:15 - Attempt 2: sending malicious pickle with marker RCE_ATTEMPT_2_1767819793772764364
[repro] 2026-01-07 21:03:17 - Attempt 3: sending malicious pickle with marker RCE_ATTEMPT_3_1767819793772764364
[repro] 2026-01-07 21:03:18 - Server log tail (vulnerable):
[server] 2026-01-07T21:03:11+0000 [INFO] [cli] Starting production HTTP BentoServer from "service:Summarization" listening on http://127.0.0.1:3000 (Press CTRL+C to quit)
[server] 2026-01-07T21:03:13+0000 [INFO] [entry_service:Summarization:1] Service Summarization initialized
[server] 2026-01-07T21:03:13+0000 [INFO] [entry_service:Summarization:1] 127.0.0.1:41217 (scheme=http,method=GET,path=/,type=,length=) (status=200,type=text/html; charset=utf-8,length=2945) 12.299ms (trace=937b02fd88c405c2b19119d54ca2c7be,span=61049acb9f0a81bf,sampled=0,service.name=None)
[server] nvm
[server] 2026-01-07T21:03:14+0000 [ERROR] [entry_service:Summarization:1] Exception on /summarize [POST] (trace=442603dd71c3a5bbb0ad53d1edcaa9f0,span=d527812f97f03699,sampled=0,service.name=None)
[server] Traceback (most recent call last):
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 599, in api_endpoint_wrapper
[server]     resp = await self.api_endpoint(name, request)
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 654, in api_endpoint
[server]     input_data = await method.input_spec.from_http_request(request, serde)
[server]                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_sdk/io_models.py", line 213, in from_http_request
[server]     return await serde.parse_request(request, t.cast(t.Type[IODescriptor], cls))
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 74, in parse_request
[server]     return self.deserialize_model(
[server]            ^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 240, in deserialize_model
[server]     obj = cls.model_validate(obj)
[server]           ^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/pydantic/main.py", line 716, in model_validate
[server]     return cls.__pydantic_validator__.validate_python(
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server] pydantic_core._pydantic_core.ValidationError: 1 validation error for Input
[server]   Input should be a valid dictionary or instance of Input [type=model_type, input_value=0, input_type=int]
[server]     For further information visit https://errors.pydantic.dev/2.12/v/model_type
[server] 2026-01-07T21:03:14+0000 [INFO] [entry_service:Summarization:1] 127.0.0.1:56101 (scheme=http,method=POST,path=/summarize,type=application/vnd.bentoml+pickle,length=173) (status=400,type=application/json,length=200) 479.734ms (trace=442603dd71c3a5bbb0ad53d1edcaa9f0,span=d527812f97f03699,sampled=0,service.name=None)
[server] nvm
[server] 2026-01-07T21:03:16+0000 [ERROR] [entry_service:Summarization:1] Exception on /summarize [POST] (trace=b9e60a577b61614194e7db0e205fc3c0,span=5b0af4fef8c1016f,sampled=0,service.name=None)
[server] Traceback (most recent call last):
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 599, in api_endpoint_wrapper
[server]     resp = await self.api_endpoint(name, request)
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 654, in api_endpoint
[server]     input_data = await method.input_spec.from_http_request(request, serde)
[server]                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_sdk/io_models.py", line 213, in from_http_request
[server]     return await serde.parse_request(request, t.cast(t.Type[IODescriptor], cls))
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 74, in parse_request
[server]     return self.deserialize_model(
[server]            ^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 240, in deserialize_model
[server]     obj = cls.model_validate(obj)
[server]           ^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/pydantic/main.py", line 716, in model_validate
[server]     return cls.__pydantic_validator__.validate_python(
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server] pydantic_core._pydantic_core.ValidationError: 1 validation error for Input
[server]   Input should be a valid dictionary or instance of Input [type=model_type, input_value=0, input_type=int]
[server]     For further information visit https://errors.pydantic.dev/2.12/v/model_type
[server] 2026-01-07T21:03:16+0000 [INFO] [entry_service:Summarization:1] 127.0.0.1:37342 (scheme=http,method=POST,path=/summarize,type=application/vnd.bentoml+pickle,length=182) (status=400,type=application/json,length=200) 515.336ms (trace=b9e60a577b61614194e7db0e205fc3c0,span=5b0af4fef8c1016f,sampled=0,service.name=None)
[server] 2026-01-07T21:03:17+0000 [ERROR] [entry_service:Summarization:1] Exception on /summarize [POST] (trace=652200c8bcff8a74b294ffa6ef9b9815,span=5f225dc6bc86806f,sampled=0,service.name=None)
[server] Traceback (most recent call last):
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 599, in api_endpoint_wrapper
[server]     resp = await self.api_endpoint(name, request)
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 654, in api_endpoint
[server]     input_data = await method.input_spec.from_http_request(request, serde)
[server]                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_sdk/io_models.py", line 213, in from_http_request
[server]     return await serde.parse_request(request, t.cast(t.Type[IODescriptor], cls))
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 74, in parse_request
[server]     return self.deserialize_model(
[server]            ^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 240, in deserialize_model
[server]     obj = cls.model_validate(obj)
[server]           ^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/pydantic/main.py", line 716, in model_validate
[server]     return cls.__pydantic_validator__.validate_python(
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server] pydantic_core._pydantic_core.ValidationError: 1 validation error for Input
[server]   Input should be a valid dictionary or instance of Input [type=model_type, input_value=<os._wrap_close object at 0x7eb9794a1b10>, input_type=_wrap_close]
[server]     For further information visit https://errors.pydantic.dev/2.12/v/model_type
[server] 2026-01-07T21:03:17+0000 [INFO] [entry_service:Summarization:1] 127.0.0.1:53009 (scheme=http,method=POST,path=/summarize,type=application/vnd.bentoml+pickle,length=169) (status=400,type=application/json,length=200) 4.125ms (trace=652200c8bcff8a74b294ffa6ef9b9815,span=5f225dc6bc86806f,sampled=0,service.name=None)
[repro] 2026-01-07 21:03:18 - SUCCESS: Insecure deserialization RCE reproduced on vulnerable version. Proof: /root/.pruva/runs/ghsa-33xw-247w-6hmc_20260107-204845/bundle/logs/rce_proof.txt
[repro] 2026-01-07 21:03:21 - Installing latest patched bentoml (>=1.4.3)
[repro] 2026-01-07 21:03:26 - Installed patched bentoml: 1.4.30
[repro] 2026-01-07 21:03:27 - Starting patched BentoML service on 127.0.0.1:3001
[repro] 2026-01-07 21:03:27 - Patched server started with pid 5728
[repro] 2026-01-07 21:03:27 - Waiting for server on port 3001 to become ready...
[repro] 2026-01-07 21:03:31 - Server on 3001 is responding
[repro] 2026-01-07 21:03:31 - Patched server log tail:
[server patched] Traceback (most recent call last):
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 713, in api_endpoint_wrapper
[server patched]     resp = await self.api_endpoint(name, request)
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 770, in api_endpoint
[server patched]     raise BentoMLException(
[server patched] bentoml.exceptions.BentoMLException: application/vnd.bentoml+pickle is not allowed in main server
[server patched] 2026-01-07T21:03:31+0000 [INFO] [entry_service:Summarization:1] 127.0.0.1:39898 (scheme=http,method=POST,path=/summarize,type=application/vnd.bentoml+pickle;param=x,length=175) (status=415,type=application/json,length=74) 1.177ms (trace=3ef0e7ab09b9d319fbeed71c72e877fc,span=253ea03d510506ab,sampled=0,service.name=None)
[server patched] 2026-01-07T21:03:31+0000 [ERROR] [entry_service:Summarization:1] Exception on /summarize [POST] (trace=e40b108bb049856380246040629137b3,span=a5da6d8930ec3368,sampled=0,service.name=None)
[server patched] Traceback (most recent call last):
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 713, in api_endpoint_wrapper
[server patched]     resp = await self.api_endpoint(name, request)
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 779, in api_endpoint
[server patched]     input_data = await method.input_spec.from_http_request(request, serde)
[server patched]                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_sdk/io_models.py", line 213, in from_http_request
[server patched]     return await serde.parse_request(request, t.cast(t.Type[IODescriptor], cls))
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 184, in parse_request
[server patched]     return self.deserialize_model(Payload((body,), metadata=request.headers), cls)
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 187, in deserialize_model
[server patched]     return cls.model_validate_json(b"".join(payload.data) or b"{}")
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/pydantic/main.py", line 766, in model_validate_json
[server patched]     return cls.__pydantic_validator__.validate_json(
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched] pydantic_core._pydantic_core.ValidationError: 1 validation error for Input
[server patched]   Invalid JSON: expected value at line 1 column 1 [type=json_invalid, input_value=b"\x80\x04\x95\xa4\x00\x0....txt'\x94\x85\x94R\x94.", input_type=bytes]
[server patched]     For further information visit https://errors.pydantic.dev/2.12/v/json_invalid
[server patched] 2026-01-07T21:03:31+0000 [INFO] [entry_service:Summarization:1] 127.0.0.1:58001 (scheme=http,method=POST,path=/summarize,type=application/octet-stream,length=175) (status=400,type=application/json,length=196) 1.911ms (trace=e40b108bb049856380246040629137b3,span=a5da6d8930ec3368,sampled=0,service.name=None)
[server patched] 2026-01-07T21:03:31+0000 [ERROR] [entry_service:Summarization:1] Exception on /summarize [POST] (trace=ff28109eaf5a181205bff018c8982ec0,span=4a7dafd0efbd7118,sampled=0,service.name=None)
[server patched] Traceback (most recent call last):
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 713, in api_endpoint_wrapper
[server patched]     resp = await self.api_endpoint(name, request)
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 779, in api_endpoint
[server patched]     input_data = await method.input_spec.from_http_request(request, serde)
[server patched]                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_sdk/io_models.py", line 213, in from_http_request
[server patched]     return await serde.parse_request(request, t.cast(t.Type[IODescriptor], cls))
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 184, in parse_request
[server patched]     return self.deserialize_model(Payload((body,), metadata=request.headers), cls)
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 187, in deserialize_model
[server patched]     return cls.model_validate_json(b"".join(payload.data) or b"{}")
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/pydantic/main.py", line 766, in model_validate_json
[server patched]     return cls.__pydantic_validator__.validate_json(
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched] pydantic_core._pydantic_core.ValidationError: 1 validation error for Input
[server patched]   Invalid JSON: expected value at line 1 column 1 [type=json_invalid, input_value=b"\x80\x04\x95\xa4\x00\x0....txt'\x94\x85\x94R\x94.", input_type=bytes]
[server patched]     For further information visit https://errors.pydantic.dev/2.12/v/json_invalid
[server patched] 2026-01-07T21:03:31+0000 [INFO] [entry_service:Summarization:1] 127.0.0.1:58661 (scheme=http,method=POST,path=/summarize,type=text/plain,length=175) (status=400,type=application/json,length=196) 2.209ms (trace=ff28109eaf5a181205bff018c8982ec0,span=4a7dafd0efbd7118,sampled=0,service.name=None)
[server patched] 2026-01-07T21:03:31+0000 [ERROR] [entry_service:Summarization:1] Exception on /summarize [POST] (trace=40288cb727164612f6cb100a3a96b640,span=d74b1d350872d4fb,sampled=0,service.name=None)
[server patched] Traceback (most recent call last):
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 713, in api_endpoint_wrapper
[server patched]     resp = await self.api_endpoint(name, request)
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 779, in api_endpoint
[server patched]     input_data = await method.input_spec.from_http_request(request, serde)
[server patched]                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_sdk/io_models.py", line 213, in from_http_request
[server patched]     return await serde.parse_request(request, t.cast(t.Type[IODescriptor], cls))
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 184, in parse_request
[server patched]     return self.deserialize_model(Payload((body,), metadata=request.headers), cls)
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 187, in deserialize_model
[server patched]     return cls.model_validate_json(b"".join(payload.data) or b"{}")
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/pydantic/main.py", line 766, in model_validate_json
[server patched]     return cls.__pydantic_validator__.validate_json(
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched] pydantic_core._pydantic_core.ValidationError: 1 validation error for Input
[server patched]   Invalid JSON: expected value at line 1 column 1 [type=json_invalid, input_value=b"\x80\x04\x95\xa5\x00\x0....txt'\x94\x85\x94R\x94.", input_type=bytes]
[server patched]     For further information visit https://errors.pydantic.dev/2.12/v/json_invalid
[server patched] 2026-01-07T21:03:31+0000 [INFO] [entry_service:Summarization:1] 127.0.0.1:36153 (scheme=http,method=POST,path=/summarize,type=application/vnd.bentoml+pickle, application/json,length=176) (status=400,type=application/json,length=196) 1.664ms (trace=40288cb727164612f6cb100a3a96b640,span=d74b1d350872d4fb,sampled=0,service.name=None)
[repro] 2026-01-07 21:04:01 - Installing vulnerable bentoml range (<1.4.3) and requests
[repro] 2026-01-07 21:04:08 - Installed vulnerable bentoml: 1.4.2
[repro] 2026-01-07 21:04:08 - Starting BentoML service on 127.0.0.1:3000
[repro] 2026-01-07 21:04:08 - Server started with pid 5916
[repro] 2026-01-07 21:04:08 - Waiting for server on port 3000 to become ready...
[repro] 2026-01-07 21:04:12 - Server on 3000 is responding
[repro] 2026-01-07 21:04:12 - Attempt 1: sending malicious pickle with marker RCE_ATTEMPT_1_1767819852647667409
[repro] 2026-01-07 21:04:14 - Attempt 2: sending malicious pickle with marker RCE_ATTEMPT_2_1767819852647667409
[repro] 2026-01-07 21:04:16 - Attempt 3: sending malicious pickle with marker RCE_ATTEMPT_3_1767819852647667409
[repro] 2026-01-07 21:04:17 - Server log tail (vulnerable):
[server] 2026-01-07T21:04:10+0000 [INFO] [cli] Starting production HTTP BentoServer from "service:Summarization" listening on http://127.0.0.1:3000 (Press CTRL+C to quit)
[server] 2026-01-07T21:04:12+0000 [INFO] [entry_service:Summarization:1] Service Summarization initialized
[server] 2026-01-07T21:04:12+0000 [INFO] [entry_service:Summarization:1] 127.0.0.1:30550 (scheme=http,method=GET,path=/,type=,length=) (status=200,type=text/html; charset=utf-8,length=2945) 11.944ms (trace=30773eb0b0252db85e288bb594576d9f,span=7f9270065690f364,sampled=0,service.name=None)
[server] nvm
[server] 2026-01-07T21:04:13+0000 [ERROR] [entry_service:Summarization:1] Exception on /summarize [POST] (trace=3587b18bb8b90150c586630ed4512523,span=6169d1361d89e644,sampled=0,service.name=None)
[server] Traceback (most recent call last):
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 599, in api_endpoint_wrapper
[server]     resp = await self.api_endpoint(name, request)
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 654, in api_endpoint
[server]     input_data = await method.input_spec.from_http_request(request, serde)
[server]                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_sdk/io_models.py", line 213, in from_http_request
[server]     return await serde.parse_request(request, t.cast(t.Type[IODescriptor], cls))
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 74, in parse_request
[server]     return self.deserialize_model(
[server]            ^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 240, in deserialize_model
[server]     obj = cls.model_validate(obj)
[server]           ^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/pydantic/main.py", line 716, in model_validate
[server]     return cls.__pydantic_validator__.validate_python(
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server] pydantic_core._pydantic_core.ValidationError: 1 validation error for Input
[server]   Input should be a valid dictionary or instance of Input [type=model_type, input_value=0, input_type=int]
[server]     For further information visit https://errors.pydantic.dev/2.12/v/model_type
[server] 2026-01-07T21:04:13+0000 [INFO] [entry_service:Summarization:1] 127.0.0.1:22992 (scheme=http,method=POST,path=/summarize,type=application/vnd.bentoml+pickle,length=173) (status=400,type=application/json,length=200) 479.681ms (trace=3587b18bb8b90150c586630ed4512523,span=6169d1361d89e644,sampled=0,service.name=None)
[server] nvm
[server] 2026-01-07T21:04:15+0000 [ERROR] [entry_service:Summarization:1] Exception on /summarize [POST] (trace=4beb534593f652b9e67be641cdf6a1fb,span=06835e5cbe760838,sampled=0,service.name=None)
[server] Traceback (most recent call last):
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 599, in api_endpoint_wrapper
[server]     resp = await self.api_endpoint(name, request)
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 654, in api_endpoint
[server]     input_data = await method.input_spec.from_http_request(request, serde)
[server]                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_sdk/io_models.py", line 213, in from_http_request
[server]     return await serde.parse_request(request, t.cast(t.Type[IODescriptor], cls))
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 74, in parse_request
[server]     return self.deserialize_model(
[server]            ^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 240, in deserialize_model
[server]     obj = cls.model_validate(obj)
[server]           ^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/pydantic/main.py", line 716, in model_validate
[server]     return cls.__pydantic_validator__.validate_python(
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server] pydantic_core._pydantic_core.ValidationError: 1 validation error for Input
[server]   Input should be a valid dictionary or instance of Input [type=model_type, input_value=0, input_type=int]
[server]     For further information visit https://errors.pydantic.dev/2.12/v/model_type
[server] 2026-01-07T21:04:15+0000 [INFO] [entry_service:Summarization:1] 127.0.0.1:52100 (scheme=http,method=POST,path=/summarize,type=application/vnd.bentoml+pickle,length=182) (status=400,type=application/json,length=200) 488.826ms (trace=4beb534593f652b9e67be641cdf6a1fb,span=06835e5cbe760838,sampled=0,service.name=None)
[server] 2026-01-07T21:04:16+0000 [ERROR] [entry_service:Summarization:1] Exception on /summarize [POST] (trace=3d6cf87272edaf22060085f2966d5288,span=81ed8b638595c476,sampled=0,service.name=None)
[server] Traceback (most recent call last):
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 599, in api_endpoint_wrapper
[server]     resp = await self.api_endpoint(name, request)
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 654, in api_endpoint
[server]     input_data = await method.input_spec.from_http_request(request, serde)
[server]                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_sdk/io_models.py", line 213, in from_http_request
[server]     return await serde.parse_request(request, t.cast(t.Type[IODescriptor], cls))
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 74, in parse_request
[server]     return self.deserialize_model(
[server]            ^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 240, in deserialize_model
[server]     obj = cls.model_validate(obj)
[server]           ^^^^^^^^^^^^^^^^^^^^^^^
[server]   File "/usr/local/lib/python3.11/dist-packages/pydantic/main.py", line 716, in model_validate
[server]     return cls.__pydantic_validator__.validate_python(
[server]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server] pydantic_core._pydantic_core.ValidationError: 1 validation error for Input
[server]   Input should be a valid dictionary or instance of Input [type=model_type, input_value=<os._wrap_close object at 0x7efa2410ef10>, input_type=_wrap_close]
[server]     For further information visit https://errors.pydantic.dev/2.12/v/model_type
[server] 2026-01-07T21:04:16+0000 [INFO] [entry_service:Summarization:1] 127.0.0.1:44432 (scheme=http,method=POST,path=/summarize,type=application/vnd.bentoml+pickle,length=169) (status=400,type=application/json,length=200) 3.846ms (trace=3d6cf87272edaf22060085f2966d5288,span=81ed8b638595c476,sampled=0,service.name=None)
[repro] 2026-01-07 21:04:17 - SUCCESS: Insecure deserialization RCE reproduced on vulnerable version. Proof: /root/.pruva/runs/ghsa-33xw-247w-6hmc_20260107-204845/bundle/logs/rce_proof.txt
[repro] 2026-01-07 21:04:20 - Installing latest patched bentoml (>=1.4.3)
[repro] 2026-01-07 21:04:25 - Installed patched bentoml: 1.4.30
[repro] 2026-01-07 21:04:25 - Starting patched BentoML service on 127.0.0.1:3001
[repro] 2026-01-07 21:04:25 - Patched server started with pid 6240
[repro] 2026-01-07 21:04:25 - Waiting for server on port 3001 to become ready...
[repro] 2026-01-07 21:04:29 - Server on 3001 is responding
[repro] 2026-01-07 21:04:30 - Patched server log tail:
[server patched] Traceback (most recent call last):
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 713, in api_endpoint_wrapper
[server patched]     resp = await self.api_endpoint(name, request)
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 770, in api_endpoint
[server patched]     raise BentoMLException(
[server patched] bentoml.exceptions.BentoMLException: application/vnd.bentoml+pickle is not allowed in main server
[server patched] 2026-01-07T21:04:29+0000 [INFO] [entry_service:Summarization:1] 127.0.0.1:59257 (scheme=http,method=POST,path=/summarize,type=application/vnd.bentoml+pickle;param=x,length=175) (status=415,type=application/json,length=74) 1.065ms (trace=3ccf260bcb2bf3bebd6fe8edea049e89,span=18bee3a22cccb71e,sampled=0,service.name=None)
[server patched] 2026-01-07T21:04:29+0000 [ERROR] [entry_service:Summarization:1] Exception on /summarize [POST] (trace=147ffd0bd80b4e0d881d20481d4118a9,span=6374af43cb0f9b34,sampled=0,service.name=None)
[server patched] Traceback (most recent call last):
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 713, in api_endpoint_wrapper
[server patched]     resp = await self.api_endpoint(name, request)
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 779, in api_endpoint
[server patched]     input_data = await method.input_spec.from_http_request(request, serde)
[server patched]                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_sdk/io_models.py", line 213, in from_http_request
[server patched]     return await serde.parse_request(request, t.cast(t.Type[IODescriptor], cls))
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 184, in parse_request
[server patched]     return self.deserialize_model(Payload((body,), metadata=request.headers), cls)
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 187, in deserialize_model
[server patched]     return cls.model_validate_json(b"".join(payload.data) or b"{}")
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/pydantic/main.py", line 766, in model_validate_json
[server patched]     return cls.__pydantic_validator__.validate_json(
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched] pydantic_core._pydantic_core.ValidationError: 1 validation error for Input
[server patched]   Invalid JSON: expected value at line 1 column 1 [type=json_invalid, input_value=b"\x80\x04\x95\xa4\x00\x0....txt'\x94\x85\x94R\x94.", input_type=bytes]
[server patched]     For further information visit https://errors.pydantic.dev/2.12/v/json_invalid
[server patched] 2026-01-07T21:04:29+0000 [INFO] [entry_service:Summarization:1] 127.0.0.1:26335 (scheme=http,method=POST,path=/summarize,type=application/octet-stream,length=175) (status=400,type=application/json,length=196) 2.018ms (trace=147ffd0bd80b4e0d881d20481d4118a9,span=6374af43cb0f9b34,sampled=0,service.name=None)
[server patched] 2026-01-07T21:04:29+0000 [ERROR] [entry_service:Summarization:1] Exception on /summarize [POST] (trace=087349451cbbf2ae573e4207fed41362,span=6dd38e5c44bec37c,sampled=0,service.name=None)
[server patched] Traceback (most recent call last):
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 713, in api_endpoint_wrapper
[server patched]     resp = await self.api_endpoint(name, request)
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 779, in api_endpoint
[server patched]     input_data = await method.input_spec.from_http_request(request, serde)
[server patched]                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_sdk/io_models.py", line 213, in from_http_request
[server patched]     return await serde.parse_request(request, t.cast(t.Type[IODescriptor], cls))
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 184, in parse_request
[server patched]     return self.deserialize_model(Payload((body,), metadata=request.headers), cls)
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 187, in deserialize_model
[server patched]     return cls.model_validate_json(b"".join(payload.data) or b"{}")
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/pydantic/main.py", line 766, in model_validate_json
[server patched]     return cls.__pydantic_validator__.validate_json(
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched] pydantic_core._pydantic_core.ValidationError: 1 validation error for Input
[server patched]   Invalid JSON: expected value at line 1 column 1 [type=json_invalid, input_value=b"\x80\x04\x95\xa4\x00\x0....txt'\x94\x85\x94R\x94.", input_type=bytes]
[server patched]     For further information visit https://errors.pydantic.dev/2.12/v/json_invalid
[server patched] 2026-01-07T21:04:29+0000 [INFO] [entry_service:Summarization:1] 127.0.0.1:49186 (scheme=http,method=POST,path=/summarize,type=text/plain,length=175) (status=400,type=application/json,length=196) 2.302ms (trace=087349451cbbf2ae573e4207fed41362,span=6dd38e5c44bec37c,sampled=0,service.name=None)
[server patched] 2026-01-07T21:04:29+0000 [ERROR] [entry_service:Summarization:1] Exception on /summarize [POST] (trace=b755a3386f76ca6c5b2e40263831f6e0,span=3cc7a5ad1ee12139,sampled=0,service.name=None)
[server patched] Traceback (most recent call last):
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 713, in api_endpoint_wrapper
[server patched]     resp = await self.api_endpoint(name, request)
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/server/app.py", line 779, in api_endpoint
[server patched]     input_data = await method.input_spec.from_http_request(request, serde)
[server patched]                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_sdk/io_models.py", line 213, in from_http_request
[server patched]     return await serde.parse_request(request, t.cast(t.Type[IODescriptor], cls))
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 184, in parse_request
[server patched]     return self.deserialize_model(Payload((body,), metadata=request.headers), cls)
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/_bentoml_impl/serde.py", line 187, in deserialize_model
[server patched]     return cls.model_validate_json(b"".join(payload.data) or b"{}")
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched]   File "/usr/local/lib/python3.11/dist-packages/pydantic/main.py", line 766, in model_validate_json
[server patched]     return cls.__pydantic_validator__.validate_json(
[server patched]            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[server patched] pydantic_core._pydantic_core.ValidationError: 1 validation error for Input
[server patched]   Invalid JSON: expected value at line 1 column 1 [type=json_invalid, input_value=b"\x80\x04\x95\xa5\x00\x0....txt'\x94\x85\x94R\x94.", input_type=bytes]
[server patched]     For further information visit https://errors.pydantic.dev/2.12/v/json_invalid
[server patched] 2026-01-07T21:04:29+0000 [INFO] [entry_service:Summarization:1] 127.0.0.1:24062 (scheme=http,method=POST,path=/summarize,type=application/vnd.bentoml+pickle, application/json,length=176) (status=400,type=application/json,length=196) 1.823ms (trace=b755a3386f76ca6c5b2e40263831f6e0,span=3cc7a5ad1ee12139,sampled=0,service.name=None)