Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment
- https://www.vicarius.io/vsociety/posts/shadowray-cve-2023-48022-exploit
- https://www.vicarius.io/vsociety/posts/the-story-of-shadowray-cve-2023-48022
- https://github.com/0x656565/CVE-2023-48022
- https://github.com/20142995/nuclei-templates
- https://github.com/ShenaoW/awesome-llm-supply-chain-security
- https://github.com/averinaleks/bot
- https://github.com/cyb3r-w0lf/nuclei-template-collection
- https://github.com/google/tsunami-security-scanner-plugins
- https://github.com/jakabakos/ShadowRay-RCE-PoC-CVE-2023-48022
- https://github.com/nomi-sec/PoC-in-GitHub