CVE-2023-48022 PoC — Ray 安全漏洞

Source

https://github.com/0x656565/CVE-2023-48022

Associated Vulnerability

Title:Ray 安全漏洞 (CVE-2023-48022)
Description:Ray是ray-project开源的一个用于扩展 AI 和 Python 应用程序的统一框架。 Ray 2.6.3版本、2.8.0版本存在安全漏洞。远程攻击者利用该漏洞通过作业提交 API 执行任意代码。

Description

CVE-2023-48022 exploit modified from Bishop Fox work

Readme

# CVE-2023-48022
CVE-2023-48022 exploit modified from Bishop Fox work
## How to use
set ip and port in jobs.py  
set payload in malicious.py    
`$ pip install ray`  
`$ python3 jobs.py`

File Snapshot


 [4.0K]  /data/pocs/ee0e76383e8c228be8e0793719bb9489ea12b9d8
├── [ 873]  jobs.py
├── [ 204]  malicious.py
└── [ 187]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!