Every CVE whose affected-product data names Ray Project Ray, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2023-6019 — CVSS 9.8 (critical): A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray…
CVE-2023-6020 — CVSS 7.5 (high): LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.
CVE-2023-6021 — CVSS 7.5 (high): LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+…