cve/2023/CVE-2023-6019.md

### [CVE-2023-6019](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6019)
![](https://img.shields.io/static/v1?label=Product&message=ray-project%2Fray&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%3D%20latest%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command&color=brighgreen)

### Description

A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023

### POC

#### Reference
- https://huntr.com/bounties/d0290f3c-b302-4161-89f2-c13bb28b4cfe

#### Github
- https://github.com/Clydeston/CVE-2023-6019
- https://github.com/FireWolfWang/CVE-2023-6019
- https://github.com/google/tsunami-security-scanner-plugins
- https://github.com/miguelc49/CVE-2023-6019-1
- https://github.com/miguelc49/CVE-2023-6019-2
- https://github.com/miguelc49/CVE-2023-6019-3
- https://github.com/nomi-sec/PoC-in-GitHub