CVE-2023-6019

CRITICAL LAB

Ray <2.8.1 - Command Injection

Title source: llm

Description

A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023

Exploits (5)

exploitdb WORKING POC

by Fire_Wolf · textwebappspython

https://www.exploit-db.com/exploits/51978

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by Clydeston · poc

https://github.com/Clydeston/CVE-2023-6019

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by FireWolfWang · poc

https://github.com/FireWolfWang/CVE-2023-6019

View Code ZIP pw:eip

nomisec WORKING POC

by Zohaibkhan1472 · poc

https://github.com/Zohaibkhan1472/cve-2023-6019

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by sierrabearchell, byt3bl33d3r <[email protected]>, Takahiro Yokoyama · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ray_cpu_profile_cmd_injection_cve_2023_6019.rb

View Code ZIP pw:eip

References (1)

[Exploit] https://huntr.com/bounties/d0290f3c-b302-4161-89f2-c13bb28b4cfe

Scores

CVSS v3 9.8

EPSS 0.8877

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Lab Environment

COMMUNITY

Community Lab

docker pull rayproject/ray:2.7.0

https://github.com/FireWolfWang/CVE-2023-6019

https://github.com/Clydeston/CVE-2023-6019

https://github.com/Zohaibkhan1472/cve-2023-6019

+1 more repos

View in Library

Details

CWE

CWE-78

Status published

Products (2)

pypi/ray 0 - 2.8.1PyPI

ray_project/ray

Published Nov 16, 2023

Tracked Since Feb 18, 2026