CVE-2023-48022 is a critical vulnerability in Anyscale Ray, the open-source framework for distributed Python and AI workloads. The flaw is a design issue rather than a memory-safety bug: the Ray Dashboard's Jobs API does not authenticate callers, and a submitted job's entrypoint is a shell command that the cluster executes, so anyone who can reach the dashboard over the network can obtain remote code execution on the affected system. As of this description's last update the vendor has not shipped a patch; Anyscale disputes the report on the grounds that Ray is intended to run only inside a strictly controlled network, which leaves every Ray deployment reachable from an untrusted network exposed.
Check Point IPS provides a protection for this threat that can block exploitation attempts at the network boundary, limiting the damage an exposed cluster can suffer. A signature is not a fix, though: the unauthenticated Jobs API remains in place, so the risk is ongoing. Users are strongly encouraged to enable the Check Point IPS protection and, more fundamentally, to make sure the Ray dashboard (TCP port 8265 by default) is not reachable from untrusted networks, for example by binding it to localhost with `--dashboard-host=127.0.0.1` or placing it behind an authenticating proxy, until the vendor addresses the issue.
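Because the vendor treats the missing authentication as expected behaviour, a practitioner has to monitor the API rather than wait for a fix. The script below is an added example, not code from this page, from Check Point or from the Ray project: it flags job submissions (POST requests to the Jobs API path /api/jobs/) that arrive from outside a trusted network. It assumes a reverse proxy in front of the dashboard writes Combined Log Format access logs; the trusted CIDR ranges and the sample log lines are constructed placeholders.

```python
"""Flag Ray Jobs API submissions that did not come from a trusted network.

Added example (not code from the original page or the Ray project). Assumes a
reverse proxy in front of the Ray dashboard (default port 8265) writes
Combined Log Format access logs. TRUSTED_NETS and SAMPLE_LOG are placeholders.
"""
import ipaddress
import re

# Assumption: only hosts in these ranges may talk to the Jobs API.
TRUSTED_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("127.0.0.0/8"),
]

# Combined Log Format:
# <src> - <user> [<time>] "<method> <path> HTTP/x" <status> <bytes> "<ref>" "<ua>"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# A POST to /api/jobs/ submits a job whose "entrypoint" is a shell command run
# on the cluster; that is the CVE-2023-48022 vector. Per-job paths such as
# /api/jobs/<id> are status/log lookups and are not matched here.
JOBS_SUBMIT_RE = re.compile(r"^/api/jobs/?$")


def is_trusted(src: str) -> bool:
    """True if src is an IP address inside one of TRUSTED_NETS."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparsable source: treat as untrusted
    return any(addr in net for net in TRUSTED_NETS)


def parse_line(line: str):
    """Return the parsed fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_untrusted_job_submissions(lines):
    """Return (src, time, status) for each POST to /api/jobs/ from outside TRUSTED_NETS."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not in the expected format
        if rec["method"] != "POST" or not JOBS_SUBMIT_RE.match(rec["path"]):
            continue  # only job submissions are interesting here
        if is_trusted(rec["src"]):
            continue
        hits.append((rec["src"], rec["time"], int(rec["status"])))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.1.7 - - [01/Apr/2024:12:00:01 +0000] "GET /api/jobs/ HTTP/1.1" 200 512 "-" "python-requests/2.31"',
    '10.0.1.7 - - [01/Apr/2024:12:00:05 +0000] "POST /api/jobs/ HTTP/1.1" 200 128 "-" "ray-job-submit"',
    '203.0.113.45 - - [01/Apr/2024:12:03:22 +0000] "POST /api/jobs/ HTTP/1.1" 200 128 "-" "curl/8.4.0"',
    '203.0.113.45 - - [01/Apr/2024:12:03:23 +0000] "GET /api/jobs/raysubmit_abc123 HTTP/1.1" 200 300 "-" "curl/8.4.0"',
    '198.51.100.9 - - [01/Apr/2024:12:05:00 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for src, when, status in find_untrusted_job_submissions(SAMPLE_LOG):
        print(f"ALERT untrusted Ray job submission from {src} at {when} (HTTP {status})")
```

On the sample input only the submission from 203.0.113.45 is reported; the submission from 10.0.1.7 is inside the trusted range and the GET requests are lookups, not submissions. Note that a 200 response to an untrusted POST means the job was accepted and its entrypoint ran, so such a hit is an incident, not just a scan.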
In addition to CVE-2023-48022, Bishop Fox has highlighted other critical-severity vulnerabilities in Ray: a separate server-side request forgery (SSRF) bug in the Ray Dashboard, tracked as CVE-2023-48023, and an insecure input validation flaw (CVE-2023-6021), which Protect AI reported to the vendor during the summer. Together with the unpatched CVE-2023-48022, these flaws show that the dashboard must be treated as an untrusted-input surface, and they underscore the need for comprehensive security measures and prompt action from the vendor.
Description last updated: 2024-04-01T12:15:36.315Z