2 matches found
NewStart CGSL MAIN 7.02 : texlive-base Vulnerability (NS-SA-2025-0137)
The remote NewStart CGSL host, running version MAIN 7.02, has texlive-base packages installed that are affected by a vulnerability: - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua...
The vulnerability of the texlive-base package in the TeX Live system allows a perpetrator to execute arbitrary commands.
The vulnerability of the texlive-base package in the TeX Live system is related to the inclusion of the mpost command in the list of commands allowed to be executed from the original TeX code. The mpost command allows for the execution of other programs during the compilation of TeX documents...