GHSA-6WGJ-66M2-XXP2 Ray has arbitrary code execution via jobs submission API

Anyscale Ray allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment...

Ray Code Issues Vulnerabilities

Ray is a unified framework for scaling AI and Python applications open-sourced by ray-project. A code issue vulnerability exists in Ray version 2.6.3, 2.8.0. A remote attacker could exploit this vulnerability to execute arbitrary code via the Job Submission API...