Cyber Resilience

CVE-2023-6019

Critical · Public PoC · RCE

Published: 16 November 2023
Modified: 21 November 2024
KEV Added: not listed
Patch: fixed in Ray 2.8.1 and later
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.8877 (99.5th percentile)
Risk Priority: 73 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-6019 is a critical-severity OS Command Injection (CWE-78) vulnerability in Ray Project Ray. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.5% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

CVE-2023-6019 is a command injection vulnerability in the Ray distributed computing framework, specifically within the cpu_profile URL parameter of the Ray dashboard component. The flaw permits unauthenticated remote attackers to inject and execute arbitrary operating system commands on the host running the dashboard. It carries a CVSS v3.1 score of 9.8 and is tracked under CWE-78. The issue was addressed in Ray version 2.8.1 and later.

An attacker with network access to an exposed Ray dashboard can supply a malicious cpu_profile parameter to run commands with the privileges of the dashboard process, achieving full remote code execution without authentication or user interaction. This allows complete compromise of the underlying system, including data exfiltration, persistence, or lateral movement within an environment.

Ray maintainers published guidance at the referenced Anyscale advisory, confirming the root cause and directing users to upgrade to 2.8.1 or newer. The primary public reference is a huntr.dev bounty report that details the injection vector and reproduction steps.

Ray is widely used for scaling AI and machine-learning workloads, increasing the potential blast radius in research and production clusters. The CVE maintains a high EPSS score with a recorded peak of 0.9422, indicating sustained exploitation interest after disclosure.

Vulnerability details

A command injection existed in Ray's cpu_profile URL parameter, allowing attackers to execute OS commands remotely on the system running the Ray dashboard without authentication. The issue is fixed in version 2.8.1 and later. The Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: ray project
Product: ray
Versions: all versions

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Addresses CWE-78: Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

- Addresses CWE-78: Validates inputs to block special elements that would alter OS command execution.
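The input-validation control above is the one most directly relevant to a URL parameter that ends up influencing a subprocess. The block below is an added illustration of that control and is not Ray project code: it shows how a dashboard-style endpoint can allowlist each query parameter and hand the result to subprocess as an argv list, so that shell metacharacters in a request never reach a shell. The parameter names (pid, duration, format), the `profiler-tool` command line and the sample inputs are assumptions constructed for the example.

```python
"""Added example (not Ray project code): allowlist validation of HTTP query
parameters before they reach a subprocess, as a CWE-78 mitigation for a
cpu_profile-style endpoint.  Parameter names, the profiler command line and
the sample inputs below are constructed for illustration."""
import re
import subprocess
from typing import Dict, List, Union

# Constructed allowlists: a process id is 1-7 digits, the sampling duration
# is a bounded integer (also digits only), and the output format comes from
# a fixed set.  Nothing else is accepted, so there is no denylist to bypass.
_PID_RE = re.compile(r"[0-9]{1,7}")
_DURATION_RE = re.compile(r"[0-9]{1,3}")
_FORMATS = frozenset({"flamegraph", "speedscope"})
MAX_DURATION_S = 60


class InvalidParameter(ValueError):
    """Raised when a query parameter fails the allowlist check."""


def validate_profile_params(params: Dict[str, str]) -> Dict[str, Union[int, str]]:
    """Return canonical, typed values or raise InvalidParameter."""
    pid = params.get("pid", "")
    if not _PID_RE.fullmatch(pid):
        raise InvalidParameter("pid must be 1-7 digits")
    duration_raw = params.get("duration", "5")
    if not _DURATION_RE.fullmatch(duration_raw):
        raise InvalidParameter("duration must be a small positive integer")
    duration = int(duration_raw)
    if not 1 <= duration <= MAX_DURATION_S:
        raise InvalidParameter(f"duration must be between 1 and {MAX_DURATION_S}")
    fmt = params.get("format", "flamegraph")
    if fmt not in _FORMATS:
        raise InvalidParameter("unknown output format")
    return {"pid": int(pid), "duration": duration, "format": fmt}


def build_profile_argv(params: Dict[str, str]) -> List[str]:
    """Build the command as an argv list, never as a shell string."""
    clean = validate_profile_params(params)
    # Hypothetical profiler CLI.  Each value is its own argv element, so even
    # if validation were loosened, no shell would interpret the input.
    return [
        "profiler-tool",
        "--pid", str(clean["pid"]),
        "--duration", str(clean["duration"]),
        "--format", str(clean["format"]),
    ]


def run_profile(params: Dict[str, str]) -> subprocess.CompletedProcess:
    """Execute the profiler with shell=False (the default) and a hard timeout."""
    argv = build_profile_argv(params)
    return subprocess.run(argv, shell=False, capture_output=True,
                          text=True, timeout=MAX_DURATION_S + 5)


def rejects(params: Dict[str, str]) -> bool:
    """True if the validator refuses the request (used for self-checks)."""
    try:
        validate_profile_params(params)
    except InvalidParameter:
        return True
    return False


# Constructed request samples: one well-formed, several carrying shell
# metacharacters that an allowlist should refuse before any process starts.
GOOD_REQUEST = {"pid": "4242", "duration": "10", "format": "speedscope"}
BAD_REQUESTS = [
    {"pid": "4242;true"},
    {"pid": "$(true)"},
    {"pid": "4242", "duration": "10 && true"},
    {"pid": "4242", "format": "flamegraph\n"},
]

if __name__ == "__main__":
    print("argv:", build_profile_argv(GOOD_REQUEST))
    for req in BAD_REQUESTS:
        print("rejected" if rejects(req) else "ACCEPTED (bug)", req)
```

The two layers are deliberate: the allowlist keeps the parameter space tiny and canonical, and the argv list removes the shell from the path entirely, so a validation gap does not turn into command execution. Logging each rejected request with its source address also gives a cheap detection signal for probing of an exposed dashboard.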
