BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.system_packages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since system_packages is semantically a list of OS package names (data), users do not expect values to be interpreted as shell commands. A malicious bentofile.yaml achieves arbitrary command execution during bentoml containerize / docker build. Version 1.4.37 fixes the issue.