[GHSA-6wgj-66m2-xxp2] Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to... #6219
Conversation
Pull Request Overview
Updates a security advisory for CVE-2023-48022 (Ray arbitrary code execution vulnerability) to provide more comprehensive vulnerability information and references.
- Added affected package information for the PyPI ray package
- Enhanced vulnerability details with summary field and formatted description
- Added additional security research references and CWE classifications
| "introduced": "0" | ||
| } | ||
| ] |
Copilot (AI), Sep 26, 2025
The affected package range is too broad. According to the details, only versions 2.6.3 and 2.8.0 are mentioned as vulnerable. The range should specify these exact versions or a more precise version range rather than starting from version '0' which implies all versions are affected.
| "introduced": "0" | |
| } | |
| ] | |
| "introduced": "2.6.3" | |
| }, | |
| { | |
| "fixed": "2.6.4" | |
| } | |
| ] | |
| }, | |
| { | |
| "type": "ECOSYSTEM", | |
| "events": [ | |
| { | |
| "introduced": "2.8.0" | |
| }, | |
| { | |
| "fixed": "2.8.1" | |
| } | |
| ] |
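Review bot: the suggested replacement adds `"fixed": "2.6.4"` and `"fixed": "2.8.1"` events, but nothing in this advisory's references identifies a fix in either release; 2.6.3 and 2.8.0 are the versions named in the title, not the endpoints of a bounded affected window. Under OSV semantics the original `"introduced": "0"` with no `fixed` event already encodes "every version affected, no patch available", which is what the human reviewer states below, so the original range should stay as submitted. Narrowing it to two one-patch-release windows would make any tool consuming this advisory report every other Ray release as unaffected.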
All versions are vulnerable; there exist no fixed versions. The AI is wrong.
👋 Hi @JLLeitschuh, I've read the reference links you provided in addition to searching for a maintainer response to https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild. I have a few questions with respect to clarifying the vulnerable version range. The part of https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild that says "Ray remains vulnerable not only to the CVEs that were successfully fixed (running Ray versions between 2.6.3 - 2.8.0), but also ShadowRay" indicates to me that 2.6.3 may be the minimum vulnerable version. Is that the minimum vulnerable version for all of the vulnerabilities, all of the vulnerabilities that are not CVE-2023-48022, or just the minimum tested version? A maintainer blog https://www.anyscale.com/blog/update-on-ray-cve-2023-48022-new-verification-tooling-available and commit ray-project/ray@9789470 indicate that the maintainers of Ray provided a patch for CVE-2023-48022 in version 2.11.0. I think this is enough to consider 2.11.0 a fixed version. Do you agree with listing 2.11.0 as a fixed version?
It is not fixed. The vulnerability remains present and unpatched. That "new verification tooling available" is a scanner to detect if you are exposing public Ray instances, not an actual fix. This vulnerability is also on VulnCheck's KEV list as it's been known to be exploited.
I don't know what the minimum impacted version is, but given that the jobs API is pretty fundamental to how Ray operates, I would assume that almost all versions are impacted.
I did more digging in the GitHub Advisory Database and found an advisory that indicates versions after 2.11.0 may still be vulnerable to CVE-2023-48022. CVE-2024-57000, which was issued after version 2.11.0 was released and subsequently withdrawn as a duplicate of CVE-2023-48022, links to a researcher report that says versions 2.9.3 through 2.40.0 are vulnerable. Pardon me for not finding and mentioning this advisory in my previous comment. 😅
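The disagreement above is about how an OSV ECOSYSTEM range is evaluated by the tools that consume the advisory. The following is an added example written for this thread; it is not code from the GitHub Advisory Database, from Ray, or from any commenter. It implements the OSV rule that a version is affected when it lies at or after an `introduced` event and before the next `fixed` event in the same range (an open-ended range with no `fixed` event covers everything from `introduced` onward), and runs the range the PR keeps (`"introduced": "0"`, no fix) and the two bounded windows the automated review suggested against a few Ray release numbers. Version ordering is a simplified integer-tuple comparison (assumed sufficient for Ray's plain `X.Y.Z` tags; it does not implement full PEP 440), and the release numbers fed in are chosen from the versions named in this thread.

```python
"""Evaluate OSV ECOSYSTEM version ranges the way a consuming tool would.

Added illustration for this thread (not advisory-database or Ray code).
Assumptions: events within a range are listed in ascending order, and
versions are plain dotted integers (no pre-release or local segments).
"""
from typing import Dict, Iterable, List, Tuple


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.11.0' into (2, 11, 0). Simplified ordering, not PEP 440."""
    return tuple(int(part) for part in version.split("."))


def is_affected(version: str, ranges: List[Dict]) -> bool:
    """Return True if `version` falls inside any ECOSYSTEM range.

    OSV semantics: an 'introduced' event opens an affected interval and the
    next 'fixed' event in the same range closes it (exclusive). If the last
    event is 'introduced', the interval is open-ended, i.e. no fix exists.
    """
    v = parse_version(version)
    for rng in ranges:
        if rng.get("type") != "ECOSYSTEM":
            continue  # SEMVER/GIT ranges would need their own comparators
        open_since = None
        for event in rng["events"]:
            if "introduced" in event:
                open_since = parse_version(event["introduced"])
            elif "fixed" in event:
                if open_since is not None and open_since <= v < parse_version(event["fixed"]):
                    return True
                open_since = None  # interval closed; wait for the next 'introduced'
        if open_since is not None and v >= open_since:
            return True  # open-ended interval: affected with no fixed version
    return False


# Range as submitted in this PR: every release affected, no fixed version.
PR_RANGES = [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}]}]

# The alternative the automated review suggested: two one-patch windows that
# end at fixed versions the thread says do not exist.
SUGGESTED_RANGES = [
    {"type": "ECOSYSTEM", "events": [{"introduced": "2.6.3"}, {"fixed": "2.6.4"}]},
    {"type": "ECOSYSTEM", "events": [{"introduced": "2.8.0"}, {"fixed": "2.8.1"}]},
]


def compare(versions: Iterable[str]) -> Dict[str, Tuple[bool, bool]]:
    """Map each version to (affected per PR range, affected per suggested range)."""
    return {v: (is_affected(v, PR_RANGES), is_affected(v, SUGGESTED_RANGES)) for v in versions}


if __name__ == "__main__":
    # Release numbers taken from the versions mentioned in this thread.
    for version, (pr_says, suggestion_says) in compare(
        ["2.6.3", "2.7.0", "2.8.0", "2.9.3", "2.11.0", "2.40.0"]
    ).items():
        print(f"{version:>7}: PR range -> {pr_says!s:5}  suggested ranges -> {suggestion_says}")
```

Running it shows the practical consequence of the suggestion: 2.9.3, 2.11.0 and 2.40.0, all of which the researcher report cited above lists as vulnerable, would be reported as unaffected by any scanner or SCA tool that trusted the narrowed ranges, while the open-ended `"introduced": "0"` range flags them all.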
47687c9 into JLLeitschuh/advisory-improvement-6219
Hi @JLLeitschuh! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!
Updates
Comments
Added some links, added the impacted package. Reformatted a bit