Home > Vulnerability Database > CVE-2024-32973

Mend.io Vulnerability Database

CVE-2024-32973

Good to know:

Date: May 1, 2024

Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. In affected versions an attacker with the ability to actively intercept network traffic would be able to use a specifically-crafted certificate to fool Pluto into trusting it to be the intended remote for the TLS session. This results in the HTTP library and socket.starttls providing less transport integrity than expected. This issue has been patched in pull request #851 which has been included in version 0.9.3. Users are advised to upgrade. there are no known workarounds for this vulnerability.

Language: C++

Severity Score

4.8

Related Resources (4)

Url: https://github.com/PlutoLang/Pluto/security/advisories/GHSA-84hj-7j2v-w665

Url: https://github.com/PlutoLang/Pluto/pull/851

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-32973

Url: https://www.mend.io/vulnerability-database/CVE-2024-32973

Severity Score

4.8

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version 0.9.3

Learn More

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-32973

Good to know:

Date: May 1, 2024

Language: C++

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?