Описание
Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense uses the User-Agent header starting with the string "Mozilla" as a defense mechanism. This defense is insufficient as the fetch specification allows the User-Agent header to be modified. Combined with a DNS rebinding attack against the browser, and this vulnerability is exploitable against a developer running Ray who inadvertently visits a malicious website, or is served a malicious advertisement (malvertising). This issue has been patched in version 2.52.0.
A flaw was found in Ray’s HTTP API endpoint handling (e.g. /api/jobs, /api/job_agent/jobs/), which allows a remote attacker to trigger arbitrary code execution when a developer using Ray visits a malicious website in a vulnerable browser (e.g. Firefox or Safari). The root cause is an insufficient defense relying solely on the User-Agent header starting with “Mozilla”, which can be manipulated under the fetch specification — enabling a DNS-rebinding attack to bypass browser-based protections.
Отчет
Red Hat has chosen to keep this as Important instead of Critical severity because the successful exploitation of this vulnerability requires user interaction in conjunction with a DNS rebinding attack.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux AI (RHEL AI) 3 | rhelai3/bootc-aws-cuda-rhel9 | Affected | ||
| Red Hat Enterprise Linux AI (RHEL AI) 3 | rhelai3/bootc-azure-cuda-rhel9 | Affected | ||
| Red Hat Enterprise Linux AI (RHEL AI) 3 | rhelai3/bootc-cuda-rhel9 | Affected | ||
| Red Hat Enterprise Linux AI (RHEL AI) 3 | rhelai3/bootc-gcp-cuda-rhel9 | Affected | ||
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-model-registry-rhel9 | Not affected | ||
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9 | Affected | ||
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9 | Affected | ||
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9 | Affected | ||
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9 | Affected | ||
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9 | Affected |
Показывать по
Дополнительная информация
Статус:
8.8 High
CVSS3
Связанные уязвимости
Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense uses the User-Agent header starting with the string "Mozilla" as a defense mechanism. This defense is insufficient as the fetch specification allows the User-Agent header to be modified. Combined with a DNS rebinding attack against the browser, and this vulnerability is exploitable against a developer running Ray who inadvertently visits a malicious website, or is served a malicious advertisement (malvertising). This issue has been patched in version 2.52.0.
Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack
Уязвимость фреймворка для масштабирования приложений AI и Python Ray, связанная с подделкой межсайтовых запросов, позволяющая нарушителю выполнить произвольный код
8.8 High
CVSS3