Lucene search
K

7 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.4 views

PYSEC-2026-517 Ray has arbitrary code execution via jobs submission API

Anyscale Ray allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment...

9.8CVSS7.5AI score0.81512EPSS
Exploits6References17
RedhatCVE
RedhatCVE
added 2025/05/23 5:47 a.m.6 views

CVE-2023-48022

A flaw was found in ray. The job submission API allows a remote attacker to execute arbitrary code due to insufficient input validation. An unauthenticated attacker can trigger this vulnerability by sending a malicious job submission request. Successful exploitation results in arbitrary code...

9.8CVSS7.9AI score0.81512EPSS
Exploits6References3
NVD
NVD
added 2023/11/28 8:15 a.m.32 views

CVE-2023-48022

Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment. Also...

9.8CVSS0.81512EPSS
Exploits6References6
Vulnrichment
Vulnrichment
added 2023/11/28 12:0 a.m.25 views

CVE-2023-48022

Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment. Also...

7.5AI score0.81512EPSS
Exploits6References5
OSV
OSV
added 2023/11/28 12:0 a.m.12 views

CVE-2023-48022

Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment. Also...

9.8CVSS7.6AI score0.81512EPSS
Exploits6References8
Cvelist
Cvelist
added 2023/11/28 12:0 a.m.43 views

CVE-2023-48022

Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment. Also...

9.1AI score0.81512EPSS
Exploits6References5
CVE
CVE
added 2023/11/28 12:0 a.m.186 views

CVE-2023-48022

This CVE impacts Anyscale Ray versions 2.6.3 and 2.8.0, where the remote code execution (RCE) arises from an insecure job submission API. The vulnerability enables unauthenticated remote code execution if an attacker can reach the Ray Dashboard API over the network, as Ray’s API lacks proper auth...

9.8CVSS7.5AI score0.81512EPSS
In wildExploits6References6Affected Software1
Rows per page
Query Builder