CVE-2023-6019 Information

Description

A command injection exists in Ray’s cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication.

Reference

https://huntr.com/bounties/d0290f3c-b302-4161-89f2-c13bb28b4cfe