CVE-2023-48023

EPSS 89.19% · P100 Updated Feb 26, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-48023

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Ray 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Ray是ray-project开源的一个用于扩展 AI 和 Python 应用程序的统一框架。 Ray 2.6.3版本、2.8.0版本存在安全漏洞。攻击者利用该漏洞执行服务器端请求伪造攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2023-48023

#	POC Description	Source Link	Shenlong Link
1	The Ray Dashboard API is affected by a Server-Side Request Forgery (SSRF) vulnerability in the url parameter of the /log_proxy API endpoint. The API does not perform sufficient input validation within the affected parameter and any HTTP or HTTPS URLs are accepted as valid.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-48023.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-48023

请登录查看更多情报信息。

Same Patch Batch · n/a · 2023-11-28 · 13 CVEs total

CVE-2023-24023		Microsoft Bluetooth Driver 安全漏洞
CVE-2023-41264		Netwrix UserCube 安全漏洞
CVE-2023-45539		HAProxy 安全漏洞
CVE-2023-46944		GitLens 安全漏洞
CVE-2023-47503		jfinalCMS 安全漏洞
CVE-2023-48022		Ray 安全漏洞
CVE-2023-48042		Prestashop Amazzing filter 安全漏洞
CVE-2023-48121		部分EZVIZ产品安全漏洞
CVE-2023-48193		JumpServer 安全漏洞
CVE-2023-48848		UReport 安全漏洞
CVE-2023-49313		XMachOViewer 安全漏洞
CVE-2023-49314		Asana Desktop 安全漏洞

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2023-48023

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-48023

I. Basic Information for CVE-2023-48023

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2023-48023

III. Intelligence Information for CVE-2023-48023

Same Patch Batch · n/a · 2023-11-28 · 13 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-48023

Leave a comment