lua 5.4.4 is vulnerable according to NVD

[KK-5]

Describe the bug According to NVD, lua 5.4.4 has the following CVE-2022-28805

Steps to reproduce Access https://nvd.nist.gov/, and check CVE reports related to lua 5.4.4.

Expected behavior No CVE reportes or its base score is below 5.5.

Actual behavior There are CVE reportes related to lua 5.4.4, and their base score are 9.1.

Assets required

Screenshots/Video

Found in Branch

Desktop/Device (please complete the following information):

• Device: [e.g. PC, Mac, iPhone, Samsung]
• OS: [e.g. Windows, macOS, iOS, Android]
• Version [e.g. 10, Bug Sur, Oreo]
• CPU [e.g. Intel I9-9900k , Ryzen 5900x, ]
• GPU [AMD 6800 XT, NVidia RTX 3090]
• Memory [e.g. 16GB]

Additional context Add any other context about the problem here.

[lmbr-pip]

Confirmed lua 5.4.4 is current version in O3DE: https://github.com/o3de/o3de/blob/82f9458caf78c960e34d484d1285479049157722/cmake/3rdParty/Platform/Windows/BuiltInPackages_windows.cmake#L31

[spham-amzn]

Version 5.4.4 is the current version for Lua. The remediation for this issue is to apply a patch and rebuild the package

[dshmz]

sig/content, do we have any update on this issue?