4 matches found
CVE-2023-48023
CVE-2023-48023 : The Ray Dashboard API (Ray versions 2.6.3–2.8.0) is affected by a Server-Side Request Forgery in the /log_proxy endpoint. The parameter does not validate input and accepts any HTTP(S) URL, enabling exploitation without authentication over the Ray Dashboard port (default 8265). Th...
CVE-2023-48023
Anyscale Ray 2.6.3 and 2.8.0 allows /logproxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment...
CVE-2023-48023
Anyscale Ray 2.6.3 and 2.8.0 allows /logproxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment...
aana (>=0.2.1 <=0.2.4), abao-ai (=0.0.5) +1094 more potentially affected by CVE-2023-48022 +4 more via ray (>=0.5.0 <=2.8.0)
ray PYPI version =0.5.0, =0.2.1, =0.0.6, =0.0.1b1, =0.1.1, =0.2.0, =0.0.2, =0.1.1, =0.2.0, =0.0.1, =0.0.0, =0.2.11 and more Source cves: CVE-2023-48022, CVE-2023-48023, CVE-2023-6019, CVE-2023-6020, CVE-2023-6021 Source advisory: OSV:GHSA-3PWW-QVR8-6MHP...