Vulnerability Information
Vulnerability Title
Ray: Dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)
Vulnerability Description
Ray is an AI compute engine. In versions 2.53.0 and below, the dashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable (e.g., --dashboard-host=0.0.0.0), a web page via DNS rebinding or same-network access can issue DELETE requests that shut down Serve or delete jobs without user interaction. This is a drive-by availability impact. The fix for this vulnerability is to update to Ray 2.54.0 or higher.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
Vulnerability Type
Declaration of Catch for Generic Exception
Vulnerability Title
Ray security vulnerability
Vulnerability Description
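Ray is a unified framework, open-sourced by ray-project, for scaling AI and Python applications. Ray 2.53.0 and earlier contain a security vulnerability that stems from the dashboard HTTP server not covering the DELETE method and from key DELETE endpoints being unauthenticated by default, which may allow the service to be shut down or jobs to be deleted without user interaction.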
CVSS Information
N/A
Vulnerability Type
N/A
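The method-coverage gap in the descriptions above, as an added example that is not Ray's dashboard code: a filter that refuses browser requests only for POST/PUT lets DELETE through, while a filter keyed on "any non-safe method" plus a Host allowlist does not. The function names, the browser-detection heuristic, the host values and the sample requests are constructed assumptions.

```python
# Added illustration; not Ray's code. Heuristics and sample values are assumptions.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
BROWSER_HEADERS = ("origin", "sec-fetch-site", "sec-fetch-mode")


def _lower(headers):
    return {k.lower(): v for k, v in headers.items()}


def looks_like_browser(headers):
    """Assumed heuristic: Origin/Sec-Fetch-* present, or a Mozilla User-Agent."""
    h = _lower(headers)
    if any(name in h for name in BROWSER_HEADERS):
        return True
    return h.get("user-agent", "").startswith("Mozilla")


def narrow_filter(method, headers):
    """The gap: only POST/PUT are refused for browsers, so DELETE passes."""
    if method.upper() in {"POST", "PUT"} and looks_like_browser(headers):
        return 405
    return 200


def hardened_filter(method, headers, allowed_hosts):
    """Refuse unknown Host values, then every non-safe method from a browser."""
    h = _lower(headers)
    # With DNS rebinding the Host header carries the rebound name, not ours.
    if h.get("host", "").lower() not in allowed_hosts:
        return 403
    if method.upper() not in SAFE_METHODS and looks_like_browser(headers):
        return 405
    return 200


# Constructed sample requests: (method, headers).
ALLOWED = {"127.0.0.1:8265", "localhost:8265"}
BROWSER_UA = {"User-Agent": "Mozilla/5.0", "Origin": "http://rebind.example:8265"}
REBOUND_DELETE = ("DELETE", {"Host": "rebind.example:8265", **BROWSER_UA})
LOCAL_BROWSER_DELETE = ("DELETE", {"Host": "127.0.0.1:8265", **BROWSER_UA})
BROWSER_POST = ("POST", {"Host": "127.0.0.1:8265", **BROWSER_UA})
CLI_DELETE = ("DELETE", {"Host": "127.0.0.1:8265", "User-Agent": "python-requests/2.31"})

if __name__ == "__main__":
    for name, req in [("rebound DELETE", REBOUND_DELETE), ("CLI DELETE", CLI_DELETE)]:
        print(name, narrow_filter(*req), hardened_filter(*req, ALLOWED))
```

The hardened filter still leaves the endpoints unauthenticated for non-browser clients; it only closes the browser-triggered path, and the remediation the record gives is upgrading to Ray 2.54.0 or higher.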