Researcher: Shakevsky (rank #28649 of 53,624; total CVSS 8.9; vulnerabilities: 1)

PT-2026-37117 · CVSS 8.9 · 2026-04-24

Anyscale · Ray · CVE-2026-41486
**Name of the Vulnerable Software and Affected Versions**

Ray versions 2.49.0 through 2.54.0

**Description**

Ray Data registers custom Arrow extension types (`ray.data.arrow_tensor`, `ray.data.arrow_tensor_v2`, and `ray.data.arrow_variable_shaped_tensor`) globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension types, it invokes the type's `__arrow_ext_deserialize__` method on the field's serialized metadata bytes. The implementation passes these bytes directly to `cloudpickle.loads()`, which allows arbitrary code execution during schema parsing, before any row data is processed. This affects any process using Ray Data that reads Parquet files, including those that call `ray.data.read_parquet()`, `pyarrow.parquet.read_table()`, or `pandas.read_parquet()`. An attacker can exploit this by supplying a crafted Parquet file containing a column whose extension type carries one of the affected names.

**Recommendations**

Update Ray to version 2.55.0.