-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
ac26bf4
commit b72c0e9
Showing
25 changed files
with
25 additions
and
25 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| {"cve": {"id": "CVE-2023-47678", "sourceIdentifier": "[email protected]", "published": "2023-11-15T02:15:06.800", "lastModified": "2024-07-03T01:42:14.340", "vulnStatus": "Modified", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "An improper access control vulnerability exists in RT-AC87U all versions. An attacker may read or write files that are not intended to be accessed by connecting to a target device via tftp."}, {"lang": "es", "value": "Existe una vulnerabilidad de control de acceso inadecuado en todas las versiones del RT-AC87U. Un atacante puede leer o escribir archivos a los que no est\u00e1 previsto acceder conect\u00e1ndose a un dispositivo de destino a trav\u00e9s de tftp."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:asus:rt-ac87u_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CE7F61F-6CEB-4EFA-A534-3A42F75CEACF"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:asus:rt-ac87u:-:*:*:*:*:*:*:*", "matchCriteriaId": "317B2498-88CE-431F-97E1-EFE7F7E34E05"}]}]}], "references": [{"url": "https://jvn.jp/en/vu/JVNVU96079387/", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.asus.com/event/network/EOL-product/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.asus.com/support/", "source": "[email protected]", "tags": ["Not Applicable"]}]}} | ||
| {"cve": {"id": "CVE-2023-47678", "sourceIdentifier": "[email protected]", "published": "2023-11-15T02:15:06.800", "lastModified": "2024-08-02T22:15:20.000", "vulnStatus": "Modified", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "An improper access control vulnerability exists in RT-AC87U all versions. An attacker may read or write files that are not intended to be accessed by connecting to a target device via tftp."}, {"lang": "es", "value": "Existe una vulnerabilidad de control de acceso inadecuado en todas las versiones del RT-AC87U. Un atacante puede leer o escribir archivos a los que no est\u00e1 previsto acceder conect\u00e1ndose a un dispositivo de destino a trav\u00e9s de tftp."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:asus:rt-ac87u_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CE7F61F-6CEB-4EFA-A534-3A42F75CEACF"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:asus:rt-ac87u:-:*:*:*:*:*:*:*", "matchCriteriaId": "317B2498-88CE-431F-97E1-EFE7F7E34E05"}]}]}], "references": [{"url": "https://jvn.jp/en/vu/JVNVU96079387/", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.asus.com/event/network/EOL-product/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.asus.com/support/", "source": "[email protected]", "tags": ["Not Applicable"]}]}} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| {"cve": {"id": "CVE-2023-47867", "sourceIdentifier": "[email protected]", "published": "2024-02-01T23:15:09.567", "lastModified": "2024-07-05T18:15:20.457", "vulnStatus": "Modified", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "\n\n\n\n\n\n\n\n\nMachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device's web services and compromise the device.\n\n\n\n\n\n\n\n\n\n"}, {"lang": "es", "value": "Los dispositivos MachineSense FeverWarn est\u00e1n configurados como hosts Wi-Fi de manera que los atacantes dentro del alcance puedan conectarse a los servicios web del dispositivo y comprometerlo."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, {"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:machinesense:feverwarn_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "45F21168-E7F1-49E4-84B0-0B4EB9C6DE50"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:machinesense:feverwarn:-:*:*:*:*:*:*:*", "matchCriteriaId": "489AD7C3-7648-4398-BA27-450E909171EC"}]}]}], "references": [{"url": "https://machinesense.com/pages/about-machinesense", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01", "source": "[email protected]", "tags": ["Third Party Advisory", "US Government Resource"]}]}} | ||
| {"cve": {"id": "CVE-2023-47867", "sourceIdentifier": "[email protected]", "published": "2024-02-01T23:15:09.567", "lastModified": "2024-08-02T22:15:25.910", "vulnStatus": "Modified", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "\n\n\n\n\n\n\n\n\nMachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device's web services and compromise the device.\n\n\n\n\n\n\n\n\n\n"}, {"lang": "es", "value": "Los dispositivos MachineSense FeverWarn est\u00e1n configurados como hosts Wi-Fi de manera que los atacantes dentro del alcance puedan conectarse a los servicios web del dispositivo y comprometerlo."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, {"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:machinesense:feverwarn_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "45F21168-E7F1-49E4-84B0-0B4EB9C6DE50"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:machinesense:feverwarn:-:*:*:*:*:*:*:*", "matchCriteriaId": "489AD7C3-7648-4398-BA27-450E909171EC"}]}]}], "references": [{"url": "https://machinesense.com/pages/about-machinesense", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01", "source": "[email protected]", "tags": ["Third Party Advisory", "US Government Resource"]}]}} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| {"cve": {"id": "CVE-2023-48022", "sourceIdentifier": "[email protected]", "published": "2023-11-28T08:15:06.910", "lastModified": "2024-07-03T01:42:17.167", "vulnStatus": "Modified", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment"}, {"lang": "es", "value": "Anyscale Ray 2.6.3 y 2.8.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la API de env\u00edo de trabajos. NOTA: la posici\u00f3n del proveedor es que este informe es irrelevante porque Ray, como se indica en su documentaci\u00f3n, no est\u00e1 manipulado para su uso fuera de un entorno de red estrictamente controlado."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-918"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-918"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:anyscale:ray:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "1083D908-E7F7-44BE-89CD-B760224C5585"}, {"vulnerable": true, "criteria": "cpe:2.3:a:anyscale:ray:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE882370-6570-49E0-A11F-95D3FBCD4714"}]}]}], "references": [{"url": "https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://docs.ray.io/en/latest/ray-security/index.html", "source": "[email protected]", "tags": ["Product", "Release Notes"]}, {"url": "https://www.vicarius.io/vsociety/posts/shadowray-cve-2023-48022-exploit", "source": "[email protected]"}]}} | ||
| {"cve": {"id": "CVE-2023-48022", "sourceIdentifier": "[email protected]", "published": "2023-11-28T08:15:06.910", "lastModified": "2024-08-02T22:15:27.193", "vulnStatus": "Modified", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment"}, {"lang": "es", "value": "Anyscale Ray 2.6.3 y 2.8.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la API de env\u00edo de trabajos. NOTA: la posici\u00f3n del proveedor es que este informe es irrelevante porque Ray, como se indica en su documentaci\u00f3n, no est\u00e1 manipulado para su uso fuera de un entorno de red estrictamente controlado."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-918"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-918"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:anyscale:ray:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "1083D908-E7F7-44BE-89CD-B760224C5585"}, {"vulnerable": true, "criteria": "cpe:2.3:a:anyscale:ray:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE882370-6570-49E0-A11F-95D3FBCD4714"}]}]}], "references": [{"url": "https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://docs.ray.io/en/latest/ray-security/index.html", "source": "[email protected]", "tags": ["Product", "Release Notes"]}, {"url": "https://www.vicarius.io/vsociety/posts/shadowray-cve-2023-48022-exploit", "source": "[email protected]"}]}} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| {"cve": {"id": "CVE-2023-48023", "sourceIdentifier": "[email protected]", "published": "2023-11-28T08:15:07.060", "lastModified": "2024-05-17T02:30:38.467", "vulnStatus": "Modified", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment"}, {"lang": "es", "value": "Anyscale Ray 2.6.3 y 2.8.0 permite /log_proxy SSRF. NOTA: la posici\u00f3n del proveedor es que este informe es irrelevante porque Ray, como se indica en su documentaci\u00f3n, no est\u00e1 manipulado para su uso fuera de un entorno de red estrictamente controlado."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-918"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:anyscale:ray:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "1083D908-E7F7-44BE-89CD-B760224C5585"}, {"vulnerable": true, "criteria": "cpe:2.3:a:anyscale:ray:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE882370-6570-49E0-A11F-95D3FBCD4714"}]}]}], "references": [{"url": "https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://docs.ray.io/en/latest/ray-security/index.html", "source": "[email protected]", "tags": ["Product", "Release Notes"]}]}} | ||
| {"cve": {"id": "CVE-2023-48023", "sourceIdentifier": "[email protected]", "published": "2023-11-28T08:15:07.060", "lastModified": "2024-08-02T22:15:27.340", "vulnStatus": "Modified", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment"}, {"lang": "es", "value": "Anyscale Ray 2.6.3 y 2.8.0 permite /log_proxy SSRF. NOTA: la posici\u00f3n del proveedor es que este informe es irrelevante porque Ray, como se indica en su documentaci\u00f3n, no est\u00e1 manipulado para su uso fuera de un entorno de red estrictamente controlado."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-918"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:anyscale:ray:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "1083D908-E7F7-44BE-89CD-B760224C5585"}, {"vulnerable": true, "criteria": "cpe:2.3:a:anyscale:ray:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE882370-6570-49E0-A11F-95D3FBCD4714"}]}]}], "references": [{"url": "https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://docs.ray.io/en/latest/ray-security/index.html", "source": "[email protected]", "tags": ["Product", "Release Notes"]}]}} |
Oops, something went wrong.