Luajit
By the Year
In 2024 there have been 0 vulnerabilities in Luajit . Luajit did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 2 | 7.50 |
| 2019 | 1 | 9.10 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Luajit vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Luajit Security Vulnerabilities
LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in lj_err.c.
CVE-2020-24372
7.5 - High
- August 17, 2020
LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in lj_err.c.
Out-of-bounds Read
LuaJit through 2.1.0-beta3 has an out-of-bounds read
CVE-2020-15890
7.5 - High
- July 21, 2020
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled.
Out-of-bounds Read
In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue
CVE-2019-19391
9.1 - Critical
- November 29, 2019
In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and > options are mishandled. NOTE: The LuaJIT project owner states that the debug libary is unsafe by definition and that this is not a vulnerability. When LuaJIT was originally developed, the expectation was that the entire debug library had no security guarantees and thus it made no sense to assign CVEs. However, not all users of later LuaJIT derivatives share this perspective
Object Type Confusion
