lua5 is vulnerable to privilege escalation. The vulnerability exists due to a Use after free in garbage collector and finalizer of lgc.c allowing an attacker to perform Sandbox Escape via a crafted script file.
lua-users.org/lists/lua-l/2021-11/msg00186.html
lua-users.org/lists/lua-l/2021-12/msg00007.html
lua-users.org/lists/lua-l/2021-12/msg00015.html
lua-users.org/lists/lua-l/2021-12/msg00030.html
github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability
security-tracker.debian.org/tracker/CVE-2021-44964