Anyscale · Anyscale Ray · CVE-2023-48023
**Name of the Vulnerable Software and Affected Versions**
Anyscale Ray versions 2.6.3 through 2.8.0
**Description**
The issue allows for a Server-Side Request Forgery (SSRF) attack via the /log proxy endpoint. The vendor considers this report irrelevant, stating that Anyscale Ray is not intended for use outside a strictly controlled network environment.
**Recommendations**
For versions 2.6.3 through 2.8.0, consider restricting access to the /log proxy endpoint to minimize the risk of SSRF exploitation.
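One way to check that such a restriction actually holds, as an added example (not code from the vendor or from this advisory): a Python audit that flags logged requests to the endpoint from outside an allowed network. It assumes a reverse proxy in front of Ray that writes common-format access logs, that the endpoint appears in request paths as `/log_proxy`, and a hypothetical admin subnet `10.20.0.0/24`; the log lines are constructed.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

RESTRICTED = "/log_proxy"  # assumption: how the endpoint appears in request paths
ALLOWED_NETWORKS = [ipaddress.ip_network("10.20.0.0/24")]  # hypothetical admin subnet

# Matches the start of a common/combined-format access-log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def normalize_path(target):
    """Canonicalize a request target so equivalent spellings compare equal."""
    path = unquote(target.split("?", 1)[0])   # drop query string, decode %XX
    path = re.sub(r"/{2,}", "/", "/" + path)  # force leading slash, collapse repeats
    return posixpath.normpath(path)           # resolve "." and ".." segments

def is_restricted(target):
    path = normalize_path(target)
    return path == RESTRICTED or path.startswith(RESTRICTED + "/")

def is_allowed(source_ip, target, networks=ALLOWED_NETWORKS):
    """Policy: the restricted endpoint is reachable only from listed networks."""
    if not is_restricted(target):
        return True
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:                        # unparseable client address: deny
        return False
    return any(addr in net for net in networks)

def audit(lines, networks=ALLOWED_NETWORKS):
    """Return (ip, target, status) for logged requests that violate the policy."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and not is_allowed(m["ip"], m["target"], networks):
            hits.append((m["ip"], m["target"], int(m["status"])))
    return hits

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '10.20.0.15 - - [01/Jan/2024:10:00:00 +0000] "GET /log_proxy?sample=1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /log_proxy?sample=1 HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET //log_proxy/?sample=1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:12 +0000] "GET /log_proxy_docs HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for hit in audit(SAMPLE_LOG):
        print(hit)
```

A 200 status on a flagged line means the restriction did not take effect for that request; the same `is_allowed` decision can be reused as the rule the proxy enforces.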