Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Ray Security Vulnerabilities

cve
cve

CVE-2023-6019

A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-o...

9.8CVSS

8.6AI Score

0.919EPSS

2023-11-16 05:15 PM
61
cve
cve

CVE-2023-6020

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.

7.5CVSS

8.3AI Score

0.405EPSS

2023-11-16 09:15 PM
42
cve
cve

CVE-2023-6021

LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023...

7.5CVSS

8AI Score

0.919EPSS

2023-11-16 05:15 PM
44