3 matches found
CVE-2023-6019
Ray’s CVE-2023-6019 is an RCE via the cpu_profile URL parameter on the Ray dashboard, allowing remote code execution without authentication. Exploitation evidence exists in public Metasploit modules for Ray CPU profile injection, and related LFI/RCE advisories corroborate the class of impact. The...
CVE-2023-6021
Technical details for CVE-2023-6021 are not publicly available in the provided documents. Monitor for updates from official advisories or vendor notices to confirm affected components, impact, and remediation.
CVE-2023-6020
CVE-2023-6020 corresponds to a local file inclusion (LFI) in Ray, allowing unauthenticated readers to traverse the /static/ directory and read arbitrary server files. The Nuclei template and related advisories describe the vulnerability as a path traversal issue in Ray’s static/file serving behav...