CVE-2023-6020 · CVEKit

cve.orgen

103 chars

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.

NVDen

103 chars

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.

OSV.deven

306 chars

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023

GHSAen

306 chars

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023

NVDes

117 chars

LFI en el directorio /static/ de Ray permite a los atacantes leer cualquier archivo en el servidor sin autenticación.

CVSS metrics across sources

5

Version	Type	Source	Base	Exp	Impact	Vector
3.0	Primary	cve.org	7.5	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.0	Primary	cve.org	7.5	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N