Improve CVE2023-6019 description.

PiperOrigin-RevId: 618827725
Change-Id: I196eb96b52202e385c462d5a208916b3bd8538f0

google/detectors/rce/ai/cve20236019/src/main/java/com/google/tsunami/plugins/cve20236019/Cve20236019Detector.java

@@ -154,9 +154,9 @@ private DetectionReport buildDetectionReport(
                 .addRelatedId(
                     VulnerabilityId.newBuilder().setPublisher("CVE").setValue("CVE-2023-6019"))
                 .setDescription(
-                    "An attacker can use the model upload functionality to load remote Linux"
-                        + " commands and gains code execution on the server hosting the ray"
-                        + " application.")
+                    "A command injection exists in Ray's cpu_profile URL parameter allowing"
+                        + " attackers to execute os commands on the system running the ray"
+                        + " dashboard remotely without authentication.")
                 .setRecommendation("Upgrade Ray to version 2.8.0. or later."))
         .build();
   }

google/detectors/rce/ai/cve20236019/src/test/java/com/google/tsunami/plugins/cve20236019/Cve20236019DetectorTest.java

@@ -66,9 +66,9 @@ public final class Cve20236019DetectorTest {
           .setTitle("CVE-2023-6019")
           .addRelatedId(VulnerabilityId.newBuilder().setPublisher("CVE").setValue("CVE-2023-6019"))
           .setDescription(
-              "An attacker can use the model upload functionality to load remote"
-                  + " Linux commands and gains code execution on the server hosting"
-                  + " the ray application.")
+              "A command injection exists in Ray's cpu_profile URL parameter allowing"
+                  + " attackers to execute os commands on the system running the ray"
+                  + " dashboard remotely without authentication.")
           .setRecommendation("Upgrade Ray to version 2.8.0. or later.")
           .build();
   private MockWebServer mockWebServer;