Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could potentially leak the password. This is only exploitable if: 1) Logging is enabled; 2) Redis is using password authentication; 3) Those logs are accessible to an attacker, who can reach that redis instance. **Note:** It is recommended that anyone who is running in this configuration should update to the latest version of Ray, then rotate their redis password.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
ray 日志信息泄露漏洞
Vulnerability Description
Ray是ray-project开源的一个用于扩展 AI 和 Python 应用程序的统一框架。 ray 2.43.0之前版本存在安全漏洞,该漏洞源于敏感信息插入日志文件,可能导致redis密码泄露。
CVSS Information
N/A
Vulnerability Type
N/A