Open KK-5 opened 2 years ago
Confirmed lua 5.4.4 is current version in O3DE: https://github.com/o3de/o3de/blob/82f9458caf78c960e34d484d1285479049157722/cmake/3rdParty/Platform/Windows/BuiltInPackages_windows.cmake#L31
Version 5.4.4 is the current version for Lua. The remediation for this issue is to apply a patch and rebuild the package
sig/content, do we have any update on this issue?
Describe the bug According to NVD, lua 5.4.4 has the following CVE-2022-28805
Steps to reproduce Access https://nvd.nist.gov/, and check CVE reports related to lua 5.4.4.
Expected behavior No CVE reportes or its base score is below 5.5.
Actual behavior There are CVE reportes related to lua 5.4.4, and their base score are 9.1.
Assets required
Screenshots/Video
Found in Branch
Desktop/Device (please complete the following information):
Additional context Add any other context about the problem here.