Description
A command injection exists in Ray’s cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication.
References
https://huntr.com/bounties/d0290f3c-b302-4161-89f2-c13bb28b4cfe