Vulnerabilities > CVE-2023-48022 - Server-Side Request Forgery (SSRF) vulnerability in Anyscale RAY 2.6.3/2.8.0

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
anyscale
CWE-918
critical

Summary

Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment

Vulnerable Configurations

Part Description Count
Application
Anyscale
2

Common Weakness Enumeration (CWE)