Msrc Cbl2 Lua 5.3.5-11 On Cbl Mariner 2.0 vulnerabilities

CVE-2020-15888 [HIGH] CWE-125 Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection leading to a heap-based buffer overflow heap-based buffer over-read or use-after-free. Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection leading to a heap-based buffer overflow heap-based buffer over-read or use-after-free. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially

CVE-2019-6706 [HIGH] CWE-416 Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have ce Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships. FAQ: Is Azure Linux the only Microsoft product t