Title:Ray 安全漏洞 (CVE-2023-6021) Description:Ray是ray-project开源的一个用于扩展 AI 和 Python 应用程序的统一框架。 Ray存在安全漏洞,该漏洞源于log API端点存在远程文件包含(LFI)漏洞。攻击者可利用该漏洞读取服务器上的任何文件。
Description
LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication.
File Snapshot
id: CVE-2023-6021
info:
name: Ray API - Local File Inclusion
author: byt3bl33d3r
severity: hi
...
Shenlong Bot has cached this for you
Remarks
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.