Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:conan/lua@5.4.3

Type conan

Namespace

Name lua

Version 5.4.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.4.6

Latest_non_vulnerable_version 5.4.6

Affected_by_vulnerabilities

url VCID-h37s-ads2-zugj

vulnerability_id VCID-h37s-ads2-zugj

summary

Out-of-bounds Write
In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.

references

reference_url

http://lua-users.org/lists/lua-l/2021-12/msg00019.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-12T16:01:31Z/

url

http://lua-users.org/lists/lua-l/2021-12/msg00019.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45985.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45985.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-45985

reference_id

reference_type

scores

value	0.0033
scoring_system	epss
scoring_elements	0.56248
published_at	2026-06-06T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.56187
published_at	2026-06-04T12:55:00Z

value	0.0033
scoring_system	epss
scoring_elements	0.56242
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-45985

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45985
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45985

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/lua/lua/commit/cf613cdc6fa367257fc61c256f63d917350858b5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-12T16:01:31Z/

url

https://github.com/lua/lua/commit/cf613cdc6fa367257fc61c256f63d917350858b5

reference_url

https://www.lua.org/bugs.html#5.4.3-11

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-12T16:01:31Z/

url

https://www.lua.org/bugs.html#5.4.3-11

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2185579
reference_id	2185579
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2185579

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-45985
reference_id	CVE-2021-45985
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-45985

fixed_packages

url pkg:conan/lua@5.4.4

purl pkg:conan/lua@5.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g3t3-qp1h-jfe3

vulnerability	VCID-genu-xfqb-ryfk

resource_url http://public2.vulnerablecode.io/packages/pkg:conan/lua@5.4.4

aliases CVE-2021-45985

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h37s-ads2-zugj

url VCID-pdpa-5dks-u7a9

vulnerability_id VCID-pdpa-5dks-u7a9

summary

Use After Free
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.

references

reference_url	http://lua-users.org/lists/lua-l/2021-11/msg00186.html
reference_id
reference_type
scores
url	http://lua-users.org/lists/lua-l/2021-11/msg00186.html

reference_url	http://lua-users.org/lists/lua-l/2021-12/msg00007.html
reference_id
reference_type
scores
url	http://lua-users.org/lists/lua-l/2021-12/msg00007.html

reference_url	http://lua-users.org/lists/lua-l/2021-12/msg00015.html
reference_id
reference_type
scores
url	http://lua-users.org/lists/lua-l/2021-12/msg00015.html

reference_url	http://lua-users.org/lists/lua-l/2021-12/msg00030.html
reference_id
reference_type
scores
url	http://lua-users.org/lists/lua-l/2021-12/msg00030.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44964.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44964.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44964

reference_id

reference_type

scores

value	0.00152
scoring_system	epss
scoring_elements	0.35512
published_at	2026-06-04T12:55:00Z

value	0.00152
scoring_system	epss
scoring_elements	0.35607
published_at	2026-06-05T12:55:00Z

value	0.00152
scoring_system	epss
scoring_elements	0.35619
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44964

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44964
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44964

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability
reference_id
reference_type
scores
url	https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064772
reference_id	2064772
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064772

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-44964
reference_id	CVE-2021-44964
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-44964

reference_url	https://access.redhat.com/errata/RHSA-2023:0957
reference_id	RHSA-2023:0957
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0957

reference_url	https://access.redhat.com/errata/RHSA-2023:1211
reference_id	RHSA-2023:1211
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1211

fixed_packages

url pkg:conan/lua@5.4.4

purl pkg:conan/lua@5.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g3t3-qp1h-jfe3

vulnerability	VCID-genu-xfqb-ryfk

resource_url http://public2.vulnerablecode.io/packages/pkg:conan/lua@5.4.4

aliases CVE-2021-44964

risk_score 3.1

exploitability 0.5

weighted_severity 6.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pdpa-5dks-u7a9

url VCID-sypb-grma-cfhq

vulnerability_id VCID-sypb-grma-cfhq

summary

Access of Resource Using Incompatible Type ('Type Confusion')
Lua are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.

references

reference_url	http://lua-users.org/lists/lua-l/2021-11/msg00195.html
reference_id
reference_type
scores
url	http://lua-users.org/lists/lua-l/2021-11/msg00195.html

reference_url	http://lua-users.org/lists/lua-l/2021-11/msg00204.html
reference_id
reference_type
scores
url	http://lua-users.org/lists/lua-l/2021-11/msg00204.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44647.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44647.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44647

reference_id

reference_type

scores

value	0.00134
scoring_system	epss
scoring_elements	0.32479
published_at	2026-06-04T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32551
published_at	2026-06-05T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32519
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44647

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44647
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44647

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004189
reference_id	1004189
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004189

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2044415
reference_id	2044415
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2044415

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-44647
reference_id	CVE-2021-44647
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-44647

reference_url	https://security.gentoo.org/glsa/202305-23
reference_id	GLSA-202305-23
reference_type
scores
url	https://security.gentoo.org/glsa/202305-23

fixed_packages

url pkg:conan/lua@5.4.4

purl pkg:conan/lua@5.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g3t3-qp1h-jfe3

vulnerability	VCID-genu-xfqb-ryfk

resource_url http://public2.vulnerablecode.io/packages/pkg:conan/lua@5.4.4

aliases CVE-2021-44647

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sypb-grma-cfhq

Fixing_vulnerabilities

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/packages/pkg:conan/lua@5.4.3

Package Instance