exploitDog

CVE-2023-48023

Опубликовано: 28 нояб. 2023

Источник: nvd

CVSS3: 9.1

EPSS Высокий

Описание

Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment

Ссылки

https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0
Exploit
Third Party Advisory
https://docs.ray.io/en/latest/ray-security/index.html
Product
Release Notes
https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0
Exploit
Third Party Advisory
https://docs.ray.io/en/latest/ray-security/index.html
Product
Release Notes

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:anyscale:ray:2.6.3:*:*:*:*:*:*:*

cpe:2.3:a:anyscale:ray:2.8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.89186

Высокий

9.1 Critical

CVSS3

Дефекты

CWE-918

CWE-918

Связанные уязвимости

GHSA-3xqf-mvhg-35j8

CVSS3: 9.1

github

около 2 лет назад

Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment

EPSS

Процентиль: 100%

0.89186

Высокий

9.1 Critical

CVSS3

Дефекты

CWE-918

CWE-918