pkg:PyPI/ray

All known vulnerabilities

• CRITICAL9.8CVE-2024-57000Withdrawn Advisory: Command injection in Ray
  >= 2.9.3, <= 2.40.0
• CRITICAL9.8CVE-2023-48022Ray has arbitrary code execution via jobs submission API
  from 0, <= 2.49.2
• CRITICAL9.8CVE-2023-6019Ray OS Command Injection vulnerability
  from 0, < 2.8.1
• CRITICAL9.3Ray Missing Authorization vulnerability
  from 0, < 2.8.1
• CRITICAL9.3Ray Path Traversal vulnerability
  from 0, < 2.8.1
• HIGH7.5Ray Dashboard is vulnerable to path traversal through its static file handling mechanism
  from 0, < 2.8.1
• HIGH7.5Ray Dashboard is vulnerable to path traversal through its static file handling mechanism
  from 0, < 2.8.1
• MEDIUM6.4ray vulnerable to Insertion of Sensitive Information into Log File
  from 0, < 2.43.0
• MEDIUM6.4ray vulnerable to Insertion of Sensitive Information into Log File
  from 0, < 64a2e4010522d60b90c389634f24df77b603d85d | from 0, < 2.43.0
• MEDIUM5.9Ray dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)
  from 0, < 2.54.0
• —Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization
  >= 2.49.0, < 2.55.0
• —Ray's New Token Authentication is Disabled By Default
  from 0, <= 2.52.0
• —Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack
  from 0, < 2.52.0