The Ray Dashboard API is affected by a Server-Side Request Forgery (SSRF) vulnerability in the url parameter of the /log_proxy API endpoint. The API does not sufficiently validate this parameter and accepts any HTTP or HTTPS URL as valid.
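The missing check can be sketched as an allowlist validator for a proxied url value. This is an added example, not code from Ray or from the referenced advisory; the node addresses, the agent port, and the names `validate_log_proxy_url` and `is_allowed` are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed for illustration: node addresses and log-agent port of one cluster.
CLUSTER_NODES = {ipaddress.ip_address("10.0.0.11"), ipaddress.ip_address("10.0.0.12")}
AGENT_PORTS = {52365}


class RejectedURL(ValueError):
    """Raised when a proxied URL falls outside the allowlist."""


def validate_log_proxy_url(raw: str) -> str:
    """Return a rebuilt URL if it targets an allowlisted node, else raise."""
    try:
        parts = urlsplit(raw)
        port = parts.port  # ValueError on a non-numeric or out-of-range port
    except ValueError as exc:
        raise RejectedURL(f"unparseable URL: {exc}") from exc
    if parts.scheme not in ("http", "https"):
        raise RejectedURL("scheme not allowed")
    # Userinfo lets "allowed-host@other-host" pass naive prefix checks.
    if parts.username is not None or parts.password is not None:
        raise RejectedURL("userinfo not allowed")
    try:
        # IP literals only: no DNS lookup, so nothing can re-resolve later.
        host = ipaddress.ip_address(parts.hostname or "")
    except ValueError:
        raise RejectedURL("host must be an IP literal") from None
    if host not in CLUSTER_NODES:
        raise RejectedURL("host is not a cluster node")
    if port not in AGENT_PORTS:
        raise RejectedURL("port not allowed")
    # Rebuild from parsed fields so the fetcher sees exactly what was checked.
    # The HTTP client that fetches this URL should also not follow redirects.
    netloc = f"[{host}]" if host.version == 6 else str(host)
    query = f"?{parts.query}" if parts.query else ""
    return f"{parts.scheme}://{netloc}:{port}{parts.path or '/'}{query}"


def is_allowed(raw: str) -> bool:
    """Boolean wrapper around validate_log_proxy_url."""
    try:
        validate_log_proxy_url(raw)
        return True
    except RejectedURL:
        return False
```

A scheme check alone, which is all the description above implies, would accept every rejected input in this example except the non-HTTP one.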
View the template here CVE-2023-48023.yaml
References:
https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0