516 matches found
Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization
Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension types, it calls arrowextdeserialize on the field's metadata bytes. Ray's...
PT-2026-37117
Name of the Vulnerable Software and Affected Versions Ray versions 2.49.0 through 2.54.0 Description Ray Data registers custom Arrow extension types ray.data.arrow tensor, ray.data.arrow tensor v2, and ray.data.arrow variable shaped tensor globally in PyArrow. When PyArrow reads a Parquet file...
EUVD-2026-25271
OpenTelemetry.Sampler.AWS & OpenTelemetry.Resources.AWS have unbounded HTTP response body reads...
CVE-2026-41173 Unbounded HTTP response body read in OpenTelemetry.Sampler.AWS
The AWS X-Ray Remote Sampler package provides a sampler which can get sampling configurations from AWS X-Ray. Prior to 0.1.0-alpha.8, OpenTelemetry.Sampler.AWS reads unbounded HTTP response bodies from a configured AWS X-Ray remote sampling endpoint into memory. AWSXRaySamplerClient.DoRequestAsyn...
IX-Ray Engine 安全漏洞
IX-Ray Engine is a modern game engine open-source by the IX-Ray Team. Versions of IX-Ray Engine prior to 1.3 contained security vulnerabilities, which were caused by exposing sensitive information to unauthorized participants...
CVE-2026-32981
A path traversal flaw has been identified in Ray Dashboard in the Ray Pypi package. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the intended static directory,...
EUVD-2026-12635
A path traversal vulnerability was identified in Ray Dashboard default port 8265 in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the...
Ray Dashboard is vulnerable to path traversal through its static file handling mechanism
A path traversal vulnerability was identified in Ray Dashboard default port 8265 in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the...
aana (>=0.2.1 <=0.2.4), abao-ai (=0.0.5) +1083 more potentially affected by CVE-2026-32981 via ray (>=0.5.0 <=2.8.0)
ray PYPI version =0.5.0, =0.2.1, =0.0.6, =0.0.1b1, =0.1.1, =0.2.0, =0.0.2, =0.1.1, =0.2.0, =0.0.1, =0.0.0, =0.2.11 and more Source cves: CVE-2026-32981 Source advisory: OSV:GHSA-J3MH-QMJJ-XP83...
GHSA-J3MH-QMJJ-XP83 Ray Dashboard is vulnerable to path traversal through its static file handling mechanism
A path traversal vulnerability was identified in Ray Dashboard default port 8265 in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the...
aana (>=0.2.1 <=0.2.4), abao-ai (=0.0.5) +1083 more potentially affected by CVE-2026-32981 via ray (>=0.5.0 <=2.8.0)
ray PYPI version =0.5.0, =0.2.1, =0.0.6, =0.0.1b1, =0.1.1, =0.2.0, =0.0.2, =0.1.1, =0.2.0, =0.0.1, =0.0.0, =0.2.11 and more Source cves: CVE-2026-32981 Source advisory: OSV:PYSEC-2026-130...
PYSEC-2026-130
A path traversal vulnerability was identified in Ray Dashboard default port 8265 in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the...
PYSEC-2026-130
A path traversal vulnerability was identified in Ray Dashboard default port 8265 in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the...
CVE-2026-32981
A path traversal vulnerability was identified in Ray Dashboard default port 8265 in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the...
CVE-2026-32981
A path traversal vulnerability was identified in Ray Dashboard default port 8265 in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the...
CVE-2026-32981
A path traversal vulnerability was identified in Ray Dashboard default port 8265 in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the...
CVE-2026-32981 Ray Dashboard <= 2.8.0 Path Traversal Leading to Local File Disclosure
A path traversal vulnerability was identified in Ray Dashboard default port 8265 in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the...
CVE-2026-32981 Ray Dashboard <= 2.8.0 Path Traversal Leading to Local File Disclosure
A path traversal vulnerability was identified in Ray Dashboard default port 8265 in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the...
CVE-2026-32981
Ray Dashboard on port 8265 has a path traversal flaw in versions prior to 2.8.1 due to improper validation/sanitization of user-supplied paths in the static file handling, allowing access to files outside the static directory and causing local file disclosure. Reported with high severity (CVSS 3....
Ray 路径遍历漏洞
Ray is an open-source framework developed by ray-project, designed to extend AI and Python applications. Versions of Ray prior to 2.8.1 contained a path traversal vulnerability. This vulnerability stemmed from improper validation and cleaning of paths provided by users during the static file...