Arbitrary Requests through User-Controlled Values in http.request Header
CVE-2024-45597
5.3MEDIUM
What is CVE-2024-45597?
Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. An attacker could use this to send arbitrary requests, potentially leveraging authentication tokens provided in the same headers table.
Affected Version(s)
Pluto >= 0.9.0, <= 0.9.4