PromptRiskDBThreat intelligence atlas

CVE-2023-48022

AI Vulnerability Context

Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment. (Also, within that environment, customers at version 2.52.0 and later can choose to use token authentication.)

Overview

A source-backed snapshot of this vulnerability.

CISA KEVnoWhether CISA lists this as exploited.
Techniques0AI attack methods connected to this vulnerability.
Case studies1Examples where this vulnerability is mentioned.

Vulnerability status

How serious this vulnerability is and whether it is known to be exploited.

not in CISA KEVCRITICAL
CVE ID
CVE-2023-48022
CVSS v3
9.8

Exploit context

What the vulnerability is about.

No description available. The source record only contains identifiers and metadata.

Source evidence

Original public records and references for this page.

Original source

Original source links

Open the public records and source datasets used for this page.