AI Threat Alert

CVE-2023-6019

GHSA-h3xg-wv58-5p43 CRITICAL
Published November 16, 2023

A command injection exists in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without...

Full analysis pending. Showing NVD description excerpt.

Affected Systems

Package Ecosystem Vulnerable Range Patched
ray pip < 2.8.1 2.8.1

Do you use ray? You're affected.

Severity & Risk

CVSS 3.1
9.8 / 10
EPSS
88.7%
chance of exploitation in 30 days
KEV Status
Not in KEV
Sophistication
N/A

Recommended Action

Patch available

Update ray to version 2.8.1

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

A command injection exists in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication.

Weaknesses (CWE)

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Primary

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Timeline

Published
November 16, 2023
Last Modified
January 9, 2025
First Seen
March 24, 2026
Back to Threat Feed