Product
Ray Data is vulnerable to remote code execution through Parquet Arrow extension type deserialization. A maliciously crafted Parquet file can trigger arbitrary code execution because Arrow extension metadata is deserialized unsafely. Ray versions 2.49.0 through 2.54.0 are affected.