How severe is CVE-2024-32973?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.8 out of 10.

What type of vulnerability is CVE-2024-32973?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2024-32973 - MEDIUM Severity | CVSS 4.8

Vulnerability Description

Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. In affected versions an attacker with the ability to actively intercept network traffic would be able to use a specifically-crafted certificate to fool Pluto into trusting it to be the intended remote for the TLS session. This results in the HTTP library and socket.starttls providing less transport integrity than expected. This issue has been patched in pull request #851 which has been included in version 0.9.3. Users are advised to upgrade. there are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2015-8140

MEDIUM

CVSS:4.8(Medium)

The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.

CWE-2842015

CVE-2016-8285

MEDIUM

CVSS:4.8(Medium)

Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote administrators to affect confidentiality and integrity via vectors related to Candi...

CWE-2842016

CVE-2024-21145

MEDIUM

CVSS:4.8(Medium)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411...

CWE-2842024

CVE-2025-30691

MEDIUM

CVSS:4.8(Medium)

Vulnerability in Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability al...

CWE-2842025

CVE-2025-30714

MEDIUM

CVSS:4.8(Medium)

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privile...

CWE-2842025

CVE-2015-2687

MEDIUM

CVSS:4.7(Medium)

OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.

CWE-2842015