2 matches found
Astra Linux – Vulnerability in TeXeVe-Bin
LuaTeX prior to version 1.17.0 allows a document compiled with default settings to make arbitrary network requests. This occurs because full access to the socket library is allowed by default, as stated in the documentation. This also applies to TeX Live prior to version 2023 r66984 and MiKTeX...
PT-2017-4251 · Luatex +10 · Luatex +10
Name of the Vulnerable Software and Affected Versions: LuaTeX versions prior to 1.17.0; TeX Live versions prior to 2023 r66984; MiKTeX versions prior to 23.5. Description: The issue is related to the io.popen function in the luatex-core.lua component, which lacks input validation. This allows an...