Vulnerabilities > TUG > TEX Live > 2018.09.21
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-20 | CVE-2023-32700 | LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. | 7.8 |
| 2023-05-11 | CVE-2023-32668 | LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. | 5.5 |
| 2017-12-14 | CVE-2017-17513 | Injection vulnerability in TUG TEX Live TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua. | 8.8 |