CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2023-48023

CVSS 9.1v3.1pub. 2023-11-28upd. 2024-11-21

Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Anyscale Ray

    APP
    Anyscale
    2.6.32.8.0
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SSRF
CWE
References

Related vulnerabilities

CVE-2023-48022CRITICAL9.8PL βœ“ten sam produkt

Anyscale Ray β€” RCE przez API przesyΕ‚ania zadaΕ„ (job submission API)

CVE-2026-41486HIGH8.9ten sam produkt

Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow ext...

CVE-2026-32981HIGH8.7ten sam produkt

A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2....

CVE-2026-27482MEDIUM5.9ten sam produkt

Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST...

CVE-2023-48023 β€” Anyscale β€” Ray β€” CRITICAL β€” CVSS 9.1 | CVEbaza.pl