Vulnerabilities > CVE-2023-48022 - Server-Side Request Forgery (SSRF) vulnerability in Anyscale RAY 2.6.3/2.8.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |