{"id":"CVE-2023-48022","details":"Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment. (Also, within that environment, customers at version 2.52.0 and later can choose to use token authentication.)","aliases":["GHSA-6wgj-66m2-xxp2"],"modified":"2026-04-10T05:05:48.960549Z","published":"2023-11-28T08:15:06.910Z","related":["CGA-3g55-w6q5-vh7m"],"references":[{"type":"WEB","url":"https://atlas.mitre.org/studies/AML.CS0023"},{"type":"WEB","url":"https://docs.ray.io/en/latest/ray-security/token-auth.html"},{"type":"WEB","url":"https://www.vicarius.io/vsociety/posts/shadowray-cve-2023-48022-exploit"},{"type":"WEB","url":"https://www.vicarius.io/vsociety/posts/the-story-of-shadowray-cve-2023-48022"},{"type":"ADVISORY","url":"https://docs.ray.io/en/latest/ray-security/index.html"},{"type":"EVIDENCE","url":"https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ray-project/ray","events":[{"introduced":"0"},{"last_affected":"8a434b4ee7cd48e60fa1531315d39901fac5d79e"},{"introduced":"0"},{"last_affected":"dd270c86feaf3b342014f20c3f7559a6e4cb4272"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.6.3"},{"introduced":"0"},{"last_affected":"2.8.0"}]}}],"versions":["ray-0.1.0","ray-0.1.1","ray-0.1.2","ray-0.2.0","ray-0.2.1","ray-0.2.2","ray-0.3.0","ray-0.3.1","ray-0.4.0","ray-0.5.0","ray-0.5.1","ray-0.5.2","ray-0.5.3","ray-0.6.0","ray-0.6.1","ray-0.6.2","ray-0.6.3","ray-0.6.4","ray-0.6.5","ray-0.7.0","ray-2.6.0","ray-2.6.1","ray-2.6.2","ray-2.6.3","ray-2.8.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-48022.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}