Vulnerabilities > CVE-2023-6019 - Unspecified vulnerability in RAY Project RAY

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

ray-project

critical

NVD

Published: 2023-11-16

Updated: 2024-11-21

Summary

A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023

Vulnerable Configurations

Part	Description	Count
Application	Ray_Project RAY Project RAY -	1

References

https://huntr.com/bounties/d0290f3c-b302-4161-89f2-c13bb28b4cfe
https://huntr.com/bounties/d0290f3c-b302-4161-89f2-c13bb28b4cfe

Summary

Vulnerable Configurations

Related news

References