Skip to main content

Miktex

2 CVEs product

Monthly

CVE-2023-32700 HIGH PATCH This Week

LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Luatex Miktex Tex Live
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-32668 MEDIUM POC PATCH This Month

LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Luatex Miktex Tex Live
NVD
CVSS 3.1
5.5
EPSS
0.4%
EPSS 1% CVSS 7.8
HIGH PATCH This Week

LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Luatex Miktex +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Luatex Miktex +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy