top of page
  • Clipeus

Vulnerabilities In Ray Framework

Bishop Fox reports three vulnerabilities impacting the Ray framework, an open-source scalability solution extensively used in artificial intelligence (AI) and machine learning (ML) based applications. Ray is a project of Anyscale, which claims that prominent entities such as AWS, OpenAI, Cohere, and Uber utilize the tool.

The vulnerabilities affect Ray versions 2.6.3 through 2.8.0, released in early November 2023. It is worth noting upfront that, according to the United States National Vulnerability Database (NVD), "the vendor's" [Anyscale] "position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment."

Bishop Fox reported the following vulnerabilities:

  • CVE-2023-48023 - a remote code execution vulnerability resulting from Ray's missing authentication in the default configuration. According to the Bishop Fox report, this flaw would allow a remote attacker to carry out deliberate actions, including manipulating jobs and retrieving sensitive information, such as AWS Identity and Access Management (IAM) credentials.

  • CVE-2023-48022 - Bishop Fox claims a vulnerability exists in the Ray Dashboard API, enabling a potential attacker to perform a server-side request forgery.

  • CVE-2023-6021 - a high-severity vulnerability resulting from a lack of input validation in the filename parameter of the /api/v0/logs/file API endpoint. As a result, any arbitrary file system path is accepted as valid. The Bishop Fox report notes that this vulnerability may lead to the compromise of the SSH private key used by Ray to authenticate to all other nodes in the associated cluster.

According to the Bishop Fox report, the vulnerabilities are exploitable with low sophistication and require the attacker to have network access to the Ray Dashboard default ports 8265 and 10001.

At the same time, it is worth pointing out that there is presently no consensus on the relevance of these vulnerabilities. Our reporting is for awareness only and does not take a position on the dispute.


Os comentários foram desativados.

If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to with your inquiry. We would be glad to assist you

bottom of page