CVE-2023-6020

Summary

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.

Affected Software

VendorProductVersion RangeStatus
ray-projectray-project/rayunspecified <= latestaffected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

ADP Enrichment

CVE Program Container

Additional References

References