This Metasploit module demonstrates a command injection vulnerability in Ray via cpu_profile.
8df2df72517b571d9dd8bd6cfcba7d7a0e2e3adcc491da6ac95c7d5c7f943993
The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system is configured to allow passwordless sudo (a setup some Ray configurations require) this will result in a root shell being returned to the user. If not configured, a user level shell will be returned. Versions 2.6.3 and below are affected.
71d55c6a52e12ee9261d11d52085671ffd68404f5deb15af6740a69e8a217fba