Public Exploit for Critical Ray AI Framework RCE Puts Thousands of Servers at Risk
Summary
This edition covers a critical remote code execution vulnerability (CVE-2023-48022) in the popular Ray AI/ML framework. With a CVSS score of 9.8 and a publicly available proof-of-concept exploit, thousands of internet-exposed Ray servers are now at immediate risk of complete takeover. The vulnerability stems from a lack of authentication in the Ray Dashboard, allowing unauthenticated attackers to execute arbitrary code. Administrators are urged to patch to Ray version 2.7.0 or implement network-level mitigations without delay.
Today's New Articles
Critical RCE Flaw in Ray AI Framework Actively Exploited After PoC Release
A critical remote code execution vulnerability, CVE-2023-48022 (CVSS score 9.8), in the open-source Ray AI/ML framework is under active threat following the public release of a proof-of-concept exploit. The flaw, stemming from a lack of authentication in the R...