PT-2023-8890 · Ray · Ray

Published: 2023-08-25 · Updated: 2024-03-27 · CVE-2023-6021

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Ray (affected versions not specified)
Description: The issue is caused by improper restriction of a pathname to a restricted directory (path traversal) in Ray, the framework for scaling AI and Python applications. A remote attacker can exploit it to read arbitrary files via the filename parameter. The log API endpoint in Ray is also affected, allowing an attacker to read any file on the server without authentication.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2024-02554
CVE-2023-6021
GHSA-3PWW-QVR8-6MHP

Affected Products

Ray