What is CVE-2023-48022?

CVE-2023-48022 is a vulnerability in N/a. Published 2023-11-28.

Is CVE-2023-48022 known to be exploited?

9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-48022

Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use…

EPSS: 0.922 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

jakabakos/ShadowRay-RCE-PoC-CVE-2023-48022
0x656565/CVE-2023-48022
rapid7/metasploit-framework
ShenaoW/awesome-llm-supply-chain-security
averinaleks/bot
20142995/nuclei-templates
google/tsunami-security-scanner-plugins
nomi-sec/PoC-in-GitHub
cyb3r-w0lf/nuclei-template-collection

References

bishopfox.com/blog/ray-versions-2-6-3-2-8-0
docs.ray.io/en/latest/ray-security/index.html
www.vicarius.io/vsociety/posts/shadowray-cve-2023-48022-exploit
atlas.mitre.org/studies/AML.CS0023
docs.ray.io/en/latest/ray-security/token-auth.html

Frequently asked questions

What is CVE-2023-48022?: CVE-2023-48022 is a vulnerability in N/a. Published 2023-11-28.
Is CVE-2023-48022 known to be exploited?: 9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.