Product
BentoML is vulnerable to Dockerfile command injection via the `docker.system_packages` field in `bentofile.yaml`, allowing arbitrary command execution during `bentoml containerize` / `docker build`.