Safety vulnerability ID: 62651
The information on this page was manually curated by our Cybersecurity Intelligence Team.
** DISPUTED ** Ray 2.8.1 includes a fix for CVE-2023-48023: Anyscale Ray 2.6.3 and 2.8.0 allow /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment.
https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023
Latest version: 2.22.0
Ray provides a simple, universal API for building distributed applications.
Release Highlights
The Ray 2.8.1 patch release contains fixes for the Ray Dashboard.
Additional context can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023
Ray Dashboard
🔨 Fixes:
[core][state][log] Cherry pick changes to prevent state API from reading files outside the Ray log directory (41520)
[Dashboard] Migrate Logs page to use state api. (41474) (41522)