CVE-2023-32700 #1356
Unanswered
MichaelCalPERS
asked this question in
Q&A
CVE-2023-32700
#1356
Replies: 2 comments
-
|
Dear community I have the same concern as Michael, please help! Thanks :) |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
23.5 was released back in May and the current Windows installer at https://miktex.org/download is version 23.9, which was released last week. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello,
The company I work for would like to use MiKTeX. The request to use it was denied due to the following security vulnerability.
CVE-2023-32700:
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
Does anyone know when version 23.5 will be released and if so, will this vulnerability be addressed?
Thank you,
Michael
Beta Was this translation helpful? Give feedback.
All reactions