#RayVulnerability

‘Thousands’ of businesses at mercy of miscreants thanks to unpatched Ray AI flaw

by

March 27, 2024 at 04:43PM Thousands of companies are at risk due to a critical remote-code-execution bug, named ShadowRay (CVE-2023-48022), in the Ray open-source AI framework. Exploited for seven months, it compromises sensitive data and facilitates cryptocurrency mining. Although fixes for other flaws are available, the vulnerability remains, leading to significant breaches and data leaks. … Read more

Critical Vulnerability Found in Ray AI Framework 

by

November 28, 2023 at 09:06AM Ray, an open source compute framework for AI, has a critical vulnerability that allows unauthorized access to all nodes, warns cybersecurity firm Bishop Fox. The bug, known as CVE-2023-48023, exists because Ray does not properly enforce authentication on its dashboard and client components. Attackers can exploit this vulnerability to submit … Read more