CVE-2024-45597 — MEDIUM (5.3)

Q: How severe is CVE-2024-45597?

CVE-2024-45597 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-45597?

Check the references section above for vendor advisories and patch information. Affected products include: Pluto-Lang Pluto.

Vulnerability Description

Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. An attacker could use this to send arbitrary requests, potentially leveraging authentication tokens provided in the same headers table.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Pluto-Lang	Pluto	>= 0.9.0, < 0.9.5

Related Weaknesses (CWE)

CWE-93

References

https://github.com/PlutoLang/Pluto/pull/945Patch
https://github.com/PlutoLang/Pluto/security/advisories/GHSA-w8xp-pmx2-37w7Vendor Advisory

FAQ

What is CVE-2024-45597?

CVE-2024-45597 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. An attacker could use this to send arbitr...

How severe is CVE-2024-45597?

CVE-2024-45597 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-45597?

Check the references section above for vendor advisories and patch information. Affected products include: Pluto-Lang Pluto.