Hi On vendredi 30 juillet 2021 12:22:59 CEST you wrote: > moarvm-dev uses the obsolete version of minilua > (single-file port of Lua) which has CVE-2014-5461
Exploiting this CVE requires feeding arbitrary lua code to moarvm. I don't think this is possible. So I won't patch directly moarvm. Nevertheless, I'll forward this bug upstream. All the best
