Vulnerabilities CVE-2023-6021 question

who does know about fix plan?

LFI in Ray’s log API endpoint allows attackers to read any file on the server without authentication.


This is currently fixed in the master.

See also Update on Ray CVEs CVE-2023-6019, CVE-2023-6020, CVE-2023-6021, CVE-2023-48022, CVE-2023-48023 for a detailed description :slight_smile: