What is CVE-2023-48023?

CVE-2023-48023 is a vulnerability in N/a. Published 2023-11-28.

Is CVE-2023-48023 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-48023

Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment

EPSS: 0.892 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

nomi-sec/PoC-in-GitHub

References

bishopfox.com/blog/ray-versions-2-6-3-2-8-0
docs.ray.io/en/latest/ray-security/index.html

Frequently asked questions

What is CVE-2023-48023?: CVE-2023-48023 is a vulnerability in N/a. Published 2023-11-28.
Is CVE-2023-48023 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.