GHSA-q5fh-2hc8-f6rq
Ray dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)
상세
### Summary
Ray’s dashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable (e.g., --dashboard-host=0.0.0.0), a web page via DNS rebinding or same-network access can issue DELETE requests that shut down Serve or delete jobs without user interaction. This is a drive-by availability impact.
### Details
- Middleware: python/ray/dashboard/http_server_head.py#get_browsers_no_post_put_middleware only checks POST/PUT via is_browser_request (UA/Origin/Sec-Fetch heuristics). DELETE is not gated. - Endpoints lacking browser protection/auth by default: - python/ray/dashboard/modules/serve/serve_head.py: @routes.delete("/api/serve/applications/") calls serve.shutdown(). - python/ray/dashboard/modules/job/job_head.py: @routes.delete("/api/jobs/{job_or_submission_id}"). - python/ray/dashboard/modules/job/job_agent.py: @routes.delete("/api/job_agent/jobs/{job_or_submission_id}") (not wrapped with deny_browser_requests either). - Dashboard token auth is optional and off by default; binding to 0.0.0.0 is common for remote access.
### PoC
Prereqs: dashboard reachable (e.g., ray start --head --dashboard-host=0.0.0.0), no token auth.
1. Start Serve (or have jobs present). 2. From any browser-reachable origin (DNS rebinding or same-LAN page), issue a DELETE fetch:
``` fetch("http://<dashboard-host>:8265/api/serve/applications/", { method: "DELETE", headers: { "User-Agent": "Mozilla/5.0" } // browsers set this automatically }); ```
Result: Serve shuts down. 3) Similarly, delete jobs:
` fetch("http://<dashboard-host>:8265/api/jobs/<job_or_submission_id>", { method: "DELETE" });` ` fetch("http://<dashboard-agent>:52365/api/job_agent/jobs/<job_or_submission_id>", { method: "DELETE" });`
Browsers will send the Mozilla UA and Origin/Sec-Fetch headers, but DELETE is not blocked by the middleware, so the requests succeed.
### Impact
- Availability loss: Serve shutdown; job deletion. Triggerable via drive-by browser requests if the dashboard/agent ports are reachable and auth is disabled (default). - No code execution from this vector, but breaks isolation/trust assumptions for “developer-only” endpoints. ### Fix The fix for this vulnerability is to update to Ray 2.54.0 or higher.
Fix PR: https://github.com/ray-project/ray/pull/60526
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
참고
- https://github.com/ray-project/ray/security/advisories/GHSA-q5fh-2hc8-f6rq [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2026-27482 [ADVISORY]
- https://github.com/ray-project/ray/pull/60526 [WEB]
- https://github.com/ray-project/ray/commit/0fda8b824cdc9dc6edd763bb28dfd7d1cc9b02a4 [WEB]
- https://github.com/ray-project/ray [PACKAGE]
- https://github.com/ray-project/ray/releases/tag/ray-2.54.0 [WEB]