CVE-2023-6020

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication...

Ray Static Arbitrary File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ray static arbitrary file read', 'Description' = %q Ray before 2.8.1 is vulnerable to a local file inclusion. , 'Author' = 'byt3bl33d3r ', Python...

CVE-2023-6020

creationtimestamp| type| source ---|---|--- 2023-11-25 12:14:52+00:00| published-proof-of-concept| Telegram/B3MfWlGpx-qQr-PJTpFgE5RGDaIYA5WKuQnODf6UIO8APlw 2024-03-27 17:30:05+00:00| exploited| https://t.me/truesecator/5575 2024-08-23 09:26:17+00:00| seen|...

aana (>=0.2.1 <=0.2.4), abao-ai (=0.0.5) +1083 more potentially affected by CVE-2023-48022 +4 more via ray (>=0.5.0 <=2.8.0)

ray PYPI version =0.5.0, =0.2.1, =0.0.6, =0.0.1b1, =0.1.1, =0.2.0, =0.0.2, =0.1.1, =0.2.0, =0.0.1, =0.0.0, =0.2.11 and more Source cves: CVE-2023-48022, CVE-2023-48023, CVE-2023-6019, CVE-2023-6020, CVE-2023-6021 Source advisory: OSV:GHSA-6CXR-8Q3M-JWRR...

CVE-2023-6020

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication...

CVE-2023-6020

CVE-2023-6020 corresponds to a local file inclusion (LFI) in Ray, allowing unauthenticated readers to traverse the /static/ directory and read arbitrary server files. The Nuclei template and related advisories describe the vulnerability as a path traversal issue in Ray’s static/file serving behav...

aana (>=0.2.1 <=0.2.4), abao-ai (=0.0.5) +1083 more potentially affected by CVE-2023-48022 +4 more via ray (>=0.5.0 <=2.8.0)

ray PYPI version =0.5.0, =0.2.1, =0.0.6, =0.0.1b1, =0.1.1, =0.2.0, =0.0.2, =0.1.1, =0.2.0, =0.0.1, =0.0.0, =0.2.11 and more Source cves: CVE-2023-48022, CVE-2023-48023, CVE-2023-6019, CVE-2023-6020, CVE-2023-6021 Source advisory: OSV:GHSA-3PWW-QVR8-6MHP...