Anyscale Ray - Remote Code Execution

Short Info

Level

Critical

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

12 days 22 hours

Scan only one

Domain, Subdomain, IPv4

Toolbox

-

Anyscale Ray 2.6.3 and 2.8.0 contain a remote code execution vulnerability due to insecure job submission API, allowing attackers to execute arbitrary code remotely if they have network access to the Ray Dashboard API.

References:

https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0
https://vulncheck.com/xdb/497d7fb3b118
https://github.com/jakabakos/ShadowRay-RCE-PoC-CVE-2023-48022
https://vulncheck.com/xdb/d3bafad9c9f6
https://github.com/0x656565/CVE-2023-48022
https://nvd.nist.gov/vuln/detail/cve-2023-48022

Get started to protecting your digital assets

Start trial See the plans

Anyscale Ray - Remote Code Execution

Short Info

-

Detail

Category