CNNVD-202511-2831 Information

CNNVD ID

CNNVD-202511-2831

Related CVE

CVE-2025-62593

• CNNVD Published: 2025-11-26

Description (Chinese)

Ray是ray-project开源的一个用于扩展 AI 和 Python 应用程序的统一框架。 Ray 2.52.0之前版本存在跨站请求伪造漏洞，该漏洞源于对基于浏览器的攻击防护不足，可能导致远程代码执行。

Description (English)

Ray is a unified framework for the extension of AI and Python applications from the Ray-project open source. The previous version of Ray 2.52.0 had a false gap in cross-site requests, which stemmed from inadequate protection against attacks based on browsers and could lead to remote code enforcement.

Hazard Level

High

Vulnerability Type

跨站请求伪造

Affected Vendor

ray-project

Published

2025-11-26

Last Modified

2026-02-24

References

https://github.com/ray-project/ray/commit/70e7c72780bdec075dba6cad1afe0832772bfe09 https://github.com/ray-project/ray/security/advisories/GHSA-q279-jhrf-cc6v

Patch

https://github.com/ray-project/ray/releases