Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2023-6019

🗓️ 16 Nov 2023 16:12:07Reported by @huntr_aiType 
cve
 cve🔗 web.nvd.nist.gov👁 128 Views🌐 WEB

A command injection in Ray's cpu_profile URL parameter allows remote code execution without authentication

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
0day.today		Ray OS v2.6.3 - Command Injection Exploit
12 Apr 202400:00
zdt
0day.today		Ray cpu_profile Command Injection Exploit
27 Aug 202400:00
zdt
GithubExploit		Exploit for OS Command Injection in Ray_Project Ray
21 Apr 202414:30
githubexploit
GithubExploit		Exploit for OS Command Injection in Ray_Project Ray
28 Oct 202520:04
githubexploit
GithubExploit		Exploit for OS Command Injection in Ray_Project Ray
10 Apr 202409:24
githubexploit
Circl		CVE-2023-6019
18 Mar 202410:01
circl
CNNVD		Ray Operating System Command Injection Vulnerability
16 Nov 202300:00
cnnvd
Cvelist		CVE-2023-6019 Ray Command Injection in cpu_profile Parameter
16 Nov 202316:12
cvelist
Exploit DB		Ray OS v2.6.3 - Command Injection RCE(Unauthorized)
12 Apr 202400:00
exploitdb
Github Security Blog		Ray Path Traversal vulnerability
16 Nov 202318:30
github
Rows per page
NVD
Node
ray_projectrayMatch-
[
  {
    "defaultStatus": "unaffected",
    "product": "ray-project/ray",
    "vendor": "ray-project",
    "versions": [
      {
        "lessThanOrEqual": "latest",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
formatquery paramworker/cpu_profileRay cpu_profile format parameter vulnerable to command injectionCWE-78

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Nov 2024 08:42Current
8.9High risk
Vulners AI Score8.9
CVSS 3.19.8
EPSS0.88771
CWE-78
cve-2023-6019command injectionraycpu profileremote code executionauthentication bypass
128