Ray.Project.cpu_profile.Code.Injection
Description
This indicates an attack attempt to exploit a Code Injection Vulnerability in Ray Project Dashboard.
The vulnerability is due to lack of input validation when handling requests. A remote, unauthenticated attacker can exploit this vulnerability by sending maliciously crafted requests to the vulnerable server. Successful exploitation could result in arbitrary code execution in the security context of the application.
Affected Products
Ray Project Dashboard prior to 2.8.1
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://github.com/ray-project/ray
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2024-04-25 | 27.775 |