Ray API Vulnerability Allows Remote Code Execution
CVE-2023-48022
Key Information:
Badges
What is CVE-2023-48022?
A remote code execution vulnerability exists in Anyscale Ray versions 2.6.3 and 2.8.0, allowing attackers to exploit the job submission API. The vulnerability could enable attackers to execute arbitrary code, raising significant security concerns. Anyscale has stated that Ray is designed for operation within strictly controlled network environments, thus implying limited exposure; however, the potential risks inherent in deploying these versions warrant careful consideration for any security posture.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
The Hacker NewsCVE-2023-48022ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet
ShadowRay 2.0 exploits an unpatched Ray flaw to spread cryptomining and DDoS malware across exposed GPU clusters.
1 week ago
New ShadowRay attacks convert Ray clusters into crypto miners
A global campaign dubbed ShadowRay 2.0 hijacks exposed Ray Clusters by exploiting an old code execution flaw to turn them into a self-propagating cryptomining botnet.
1 week ago
Techzine EuropeCVE-2023-48022Large-scale attack on Ray framework exposes AI security risks
Attacks on AI infrastructure are now a reality, as Oligo research has shown. It's unclear exactly how widespread the damage is.
References
EPSS Score
91% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 💰
Used in Ransomware
- 🟡
Public PoC available
- 👾
Exploit known to exist
- 📰
First article discovered by Beeping Computers
Vulnerability published
Vulnerability Reserved