Title:Ray 安全漏洞 (CVE-2023-6020) Description:Ray是ray-project开源的一个用于扩展 AI 和 Python 应用程序的统一框架。 Ray存在安全漏洞,该漏洞源于/static/目录存在远程文件包含(LFI)漏洞。攻击者可利用该漏洞读取服务器上的任何文件。
Description
LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.
File Snapshot
id: CVE-2023-6020
info:
name: Ray Static File - Local File Inclusion
author: byt3bl33d3r
seve
...
Shenlong Bot has cached this for you
Remarks
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.