19 matches found
Anyscale Ray - Remote Code Execution
Anyscale Ray 2.6.3 and 2.8.0 contain a remote code execution vulnerability due to insecure job submission API, allowing attackers to execute arbitrary code remotely if they have network access to the Ray Dashboard API. id: CVE-2023-48022 info: name: Anyscale Ray - Remote Code Execution author:...
CVE-2023-48022
A flaw was found in ray. The job submission API allows a remote attacker to execute arbitrary code due to insufficient input validation. An unauthenticated attacker can trigger this vulnerability by sending a malicious job submission request. Successful exploitation results in arbitrary code...
CVE-2023-48023
Anyscale Ray 2.6.3 and 2.8.0 allows /logproxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment...
CVE-2024-57000
...
Exploit for Server-Side Request Forgery in Anyscale Ray
PoC for a remote command execution vulnerability in Ray framew...
Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining
Cybersecurity researchers are warning that threat actors are actively exploiting a "disputed" and unpatched vulnerability in an open-source artificial intelligence (AI) platform called Anyscale Ray to hijack computing power for illicit cryptocurrency mining. "This vulnerability allows attackers to...
Exploit for Server-Side Request Forgery in Anyscale Ray
CVE-2023-48022 CVE-2023-48022 explo...
CVE-2023-48023
Anyscale Ray 2.6.3 and 2.8.0 allows /logproxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment...
CVE-2023-48022
Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment. Also...
CVE-2023-48022
Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment. Also...
Code injection
Anyscale Ray 2.6.3 and 2.8.0 allows /logproxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment...
Code injection
Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment...
CVE-2023-48022
Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment. Also...
CVE-2023-48023
Anyscale Ray 2.6.3 and 2.8.0 allows /logproxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment...
CVE-2023-48022
Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment. Also...
PT-2023-30670 · Anyscale · Anyscale Ray
Name of the Vulnerable Software and Affected Versions: Anyscale Ray versions 2.6.3 through 2.8.0 Description: The issue allows for a Server-Side Request Forgery (SSRF) attack via the /log proxy endpoint. The vendor considers this report irrelevant, stating that Anyscale Ray is not intended for use...
CVE-2023-48023
Anyscale Ray 2.6.3 and 2.8.0 allows /logproxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment...
CVE-2023-48022
This CVE impacts Anyscale Ray versions 2.6.3 and 2.8.0, where the remote code execution (RCE) arises from an insecure job submission API. The vulnerability enables unauthenticated remote code execution if an attacker can reach the Ray Dashboard API over the network, as Ray’s API lacks proper auth...
CVE-2023-48023
CVE-2023-48023: The Ray Dashboard API (Ray versions 2.6.3–2.8.0) is affected by a Server-Side Request Forgery in the /log_proxy endpoint. The parameter does not validate input and accepts any HTTP(S) URL, enabling exploitation without authentication over the Ray Dashboard port (default 8265). Th...