
Sainan

#22237 of 53,630
10.1 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2024-31699
5.3
2024-09-10
Pluto · Pluto · CVE-2024-45597
**Name of the Vulnerable Software and Affected Versions** Pluto (affected versions not specified)

**Description** The issue affects scripts that pass user-controlled values to `http.request` header values. An attacker could exploit this to send arbitrary requests, potentially leveraging authentication tokens provided in the same headers table.

**Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-25020
4.8
2024-05-01
Pluto · Pluto · CVE-2024-32973
**Name of the Vulnerable Software and Affected Versions** Pluto versions prior to 0.9.3

**Description** The issue affects Pluto, a superset of Lua 5.4. An attacker who can intercept network traffic can use a specially crafted certificate to fool Pluto into trusting it as the intended remote for the TLS session. As a result, the HTTP library and `socket.starttls` provide less transport integrity than expected.

**Recommendations** For versions prior to 0.9.3, upgrade to version 0.9.3 to resolve the issue. As a temporary workaround, consider restricting the use of the HTTP library and `socket.starttls` until the upgrade is applied.