CVE-2023-6019 PoC — Ray 安全漏洞

Source

https://github.com/Zohaibkhan1472/cve-2023-6019

Associated Vulnerability

Title:Ray 安全漏洞 (CVE-2023-6019)
Description:Ray是ray-project开源的一个用于扩展 AI 和 Python 应用程序的统一框架。 Ray存在安全漏洞，该漏洞源于cpu_profile URL参数存在命令注入漏洞。攻击者可利用该漏洞运行Ray仪表板在系统上执行os命令。

File Snapshot


 [4.0K]  /data/pocs/33cffd5c663f7dfcdc65f4604fb56acb971b1f89
├── [1.1K]  docker-compose.yml
├── [4.0K]  frontend
│   ├── [3.7K]  dashboard.py
│   ├── [ 142]  Dockerfile
│   └── [4.0K]  templates
│       └── [ 12K]  dashboard.html
├── [4.0K]  logs
│   └── [6.5K]  ray-monitor.log
├── [4.0K]  mitigation
│   ├── [ 117]  Dockerfile
│   └── [3.2K]  waf_filter.py
├── [4.0K]  monitoring
│   ├── [ 127]  Dockerfile
│   └── [3.9K]  request_monitor.py
├── [1.2K]  setup.sh
└── [4.0K]  testing
    └── [1.7K]  exploit_test.py

7 directories, 11 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-6019 PoC — Ray 安全漏洞

Source

Associated Vulnerability

File Snapshot

Remarks