Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2023-6019

🗓️ 16 Nov 2023 16:12:07Reported by @huntr_aiType 
cve
 cve🔗 web.nvd.nist.gov👁 154 Views🌐 WEB

A command injection in Ray's cpu_profile URL parameter allows remote code execution without authentication

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
0day.today		Ray OS v2.6.3 - Command Injection Exploit
12 Apr 202400:00
zdt
0day.today		Ray cpu_profile Command Injection Exploit
27 Aug 202400:00
zdt
GithubExploit		Exploit for OS Command Injection in Ray_Project Ray
21 Apr 202414:30
githubexploit
GithubExploit		Exploit for OS Command Injection in Ray_Project Ray
28 Oct 202520:04
githubexploit
GithubExploit		Exploit for OS Command Injection in Ray_Project Ray
19 Jun 202619:08
githubexploit
GithubExploit		Exploit for OS Command Injection in Ray_Project Ray
10 Apr 202409:24
githubexploit
ATTACKERKB		CVE-2023-48023
28 Nov 202308:15
attackerkb
BDU FSTEC		The vulnerability of the AI application scaling framework and Python Ray, related to an incorrect path name limitation for the restricted access catalog, allows attackers to read arbitrary files.
3 Apr 202400:00
bdu_fstec
BDU FSTEC		The vulnerability of the dashboard component of the application scaling framework for AI and Python Ray applications, which allows a hacker to execute arbitrary commands.
3 Apr 202400:00
bdu_fstec
BDU FSTEC		The vulnerability of the AI application scaling framework and Python Ray, related to deficiencies in the authentication process, allows attackers to read arbitrary files from the /static/ directory.
3 Apr 202400:00
bdu_fstec
Rows per page
NVD
Node
ray_projectrayMatch-
[
  {
    "defaultStatus": "unaffected",
    "product": "ray-project/ray",
    "vendor": "ray-project",
    "versions": [
      {
        "lessThanOrEqual": "latest",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
formatquery param/worker/cpu_profileCommand injection via the cpu_profile endpoint using the format parameter to inject commands (RCE).CWE-78

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Jun 2026 06:49Current
8.9High risk
Vulners AI Score8.9
CVSS 3.19.8
EPSS0.7463
CWE-78
cve-2023-6019command injectionraycpu profileremote code executionauthentication bypass
154