Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Pluto's http.request allows CR and LF in header values
Vulnerability Description
Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. An attacker could use this to send arbitrary requests, potentially leveraging authentication tokens provided in the same headers table.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
对CRLF序列的转义处理不恰当(CRLF注入)
Vulnerability Title
Pluto 注入漏洞
Vulnerability Description
Pluto是PlutoLang开源的一种 Lua 的独特语言。用于通用编程。 Pluto 0.9.0至0.9.4版本存在注入漏洞,该漏洞源于将用户控制的值传递给http.request标头值的脚本会受到影响,从而攻击者可发送任意请求,并潜在地利用同一标头表中提供的身份验证令牌。
CVSS Information
N/A
Vulnerability Type
N/A