ray@1.9.1 vulnerabilities
Ray provides a simple, universal API for building distributed applications.
-
latest version
2.39.0
-
latest non vulnerable version
-
first published
7 years ago
-
latest version published
17 days ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the ray package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
ray is an A system for parallel and distributed Python that unifies the ML ecosystem. Affected versions of this package are vulnerable to Race Condition during the creation of actors in multi-threaded environments. How to fix Race Condition? Upgrade |
[,2.11.0)
|
ray is an A system for parallel and distributed Python that unifies the ML ecosystem. Affected versions of this package are vulnerable to Arbitrary Command Injection through the NOTE: The maintainers' position is that running jobs remotely is the intended behavior of the package and therefore it should not be considered vulnerable. How to fix Arbitrary Command Injection? Upgrade |
[,2.8.1)
|
ray is an A system for parallel and distributed Python that unifies the ML ecosystem. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the dashboard API, via the Notes: The maintainer's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment. The maintainers have made a verification tool available to check a deployment for vulnerability to this issue: https://github.com/ray-project/ray-open-ports-checker How to fix Server-side Request Forgery (SSRF)? Upgrade |
[,2.8.1)
|
ray is an A system for parallel and distributed Python that unifies the ML ecosystem. Affected versions of this package are vulnerable to Directory Traversal via the How to fix Directory Traversal? Upgrade |
[,2.8.1)
|
ray is an A system for parallel and distributed Python that unifies the ML ecosystem. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') via the How to fix Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')? Upgrade |
[,2.8.0)
|
ray is an A system for parallel and distributed Python that unifies the ML ecosystem. Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings via the How to fix Use of GET Request Method With Sensitive Query Strings? Upgrade |
[,2.8.0)
|