Vulnerability Monitor


CVE-2023-32668


LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.


Published: 2023-05-11T06:15:10.000

Last Modified: 2025-01-27T17:15:14.650

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 5.5 (MEDIUM)

Weaknesses
  • Type: Primary
    NVD-CWE-noinfo

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | luatex_project | luatex | < 1.17.0 | Yes |
| Application | miktex | miktex | < 23.5 | Yes |
| Application | tug | tex_live | < 2023 | Yes |
