CVE-2023-6021
Ray Log File Local File Include
LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
ray-project · ray-project/rayQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →