VYPR
Unrated severityNVD Advisory· Published Sep 10, 2024· Updated Sep 11, 2024

Pluto's http.request allows CR and LF in header values

CVE-2024-45597

Description

Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. An attacker could use this to send arbitrary requests, potentially leveraging authentication tokens provided in the same headers table.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.