Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-6019 PoC — Ray Command Injection in cpu_profile Parameter

Source
https://github.com/Zohaibkhan1472/cve-2023-6019
Associated Vulnerability
Title:Ray Command Injection in cpu_profile Parameter (CVE-2023-6019)
Description:A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023
File Snapshot

 [4.0K]  /data/pocs/33cffd5c663f7dfcdc65f4604fb56acb971b1f89
├── [1.1K]  docker-compose.yml
├── [4.0K]  frontend
│   ├── [3.7K]  dashboard.py
│   ├── [ 142]  Dockerfile
│   └── [4.0K]  templates
│       └── [ 12K]  dashboard.html
├── [4.0K]  logs
│   └── [6.5K]  ray-monitor.log
├── [4.0K]  mitigation
│   ├── [ 117]  Dockerfile
│   └── [3.2K]  waf_filter.py
├── [4.0K]  monitoring
│   ├── [ 127]  Dockerfile
│   └── [3.9K]  request_monitor.py
├── [1.2K]  setup.sh
└── [4.0K]  testing
    └── [1.7K]  exploit_test.py

7 directories, 11 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →