Vulnerability CVE-2023-6019


Published: 2023-11-16

Description:
A command injection exists in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Ray OS 2.6.3 Command Injection
Fire_Wolf
14.04.2024

Type:

CWE-78

(Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

 References:
https://huntr.com/bounties/d0290f3c-b302-4161-89f2-c13bb28b4cfe

Copyright 2024, cxsecurity.com

 

Back to Top