CVE-2023-6019

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 16, 2023

Updated: Dec 6, 2023

CWE ID 78

Summary

CVE-2023-6019 is a command injection vulnerability affecting the Ray dashboard. Attackers could exploit this issue by injecting os commands through the cpu_profile URL parameter in the Ray dashboard. This vulnerability allowed unauthenticated remote code execution. The Ray maintainers have addressed this issue in version 2.8.1 and above. For more details, please refer to the Ray maintainers' response on their blog.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tUjHea
https://www.cve.org/CVERecord?id=CVE-2023-6019
https://nvd.nist.gov/vuln/detail/CVE-2023-6019

Back to Vulnerability Database

CVE-2023-6019

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations