Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/podman@4.9.2-r0?arch=x86_64&distroversion=v3.23&reponame=community

Type apk

Namespace alpine

Name podman

Version 4.9.2-r0

Qualifiers

arch	x86_64
distroversion	v3.23
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version 4.9.4-r0

Latest_non_vulnerable_version 5.7.0-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-9j8p-hqfn-q7bj

vulnerability_id VCID-9j8p-hqfn-q7bj

summary

BuildKit vulnerable to possible host system access from mount stub cleaner
### Impact
A malicious BuildKit frontend or Dockerfile using `RUN --mount` could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system.

### Patches
The issue has been fixed in v0.12.5

### Workarounds
Avoid using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing `RUN --mount` feature.

### References

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23652.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23652.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-23652

reference_id

reference_type

scores

value	0.05701
scoring_system	epss
scoring_elements	0.9043
published_at	2026-04-18T12:55:00Z

value	0.05701
scoring_system	epss
scoring_elements	0.90422
published_at	2026-04-12T12:55:00Z

value	0.05701
scoring_system	epss
scoring_elements	0.90423
published_at	2026-04-11T12:55:00Z

value	0.05701
scoring_system	epss
scoring_elements	0.90415
published_at	2026-04-13T12:55:00Z

value	0.05701
scoring_system	epss
scoring_elements	0.90394
published_at	2026-04-07T12:55:00Z

value	0.05701
scoring_system	epss
scoring_elements	0.9039
published_at	2026-04-04T12:55:00Z

value	0.05701
scoring_system	epss
scoring_elements	0.90408
published_at	2026-04-08T12:55:00Z

value	0.05701
scoring_system	epss
scoring_elements	0.90378
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-23652

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/moby/buildkit

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/moby/buildkit

reference_url

https://github.com/moby/buildkit/pull/4603

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:13:41Z/

url

https://github.com/moby/buildkit/pull/4603

reference_url

https://github.com/moby/buildkit/releases/tag/v0.12.5

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:13:41Z/

url

https://github.com/moby/buildkit/releases/tag/v0.12.5

reference_url

https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:13:41Z/

url

https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-23652

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-23652

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2262225
reference_id	2262225
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2262225

reference_url	https://security.gentoo.org/glsa/202407-12
reference_id	GLSA-202407-12
reference_type
scores
url	https://security.gentoo.org/glsa/202407-12

reference_url	https://security.gentoo.org/glsa/202407-25
reference_id	GLSA-202407-25
reference_type
scores
url	https://security.gentoo.org/glsa/202407-25

reference_url	https://security.gentoo.org/glsa/202409-29
reference_id	GLSA-202409-29
reference_type
scores
url	https://security.gentoo.org/glsa/202409-29

reference_url	https://usn.ubuntu.com/7474-1/
reference_id	USN-7474-1
reference_type
scores
url	https://usn.ubuntu.com/7474-1/

fixed_packages

url	pkg:apk/alpine/podman@4.9.2-r0?arch=x86_64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/podman@4.9.2-r0?arch=x86_64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podman@4.9.2-r0%3Farch=x86_64&distroversion=v3.23&reponame=community

aliases CVE-2024-23652, GHSA-4v98-7qmw-rqr8

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9j8p-hqfn-q7bj

url VCID-ba18-6srf-ufbu

vulnerability_id VCID-ba18-6srf-ufbu

summary

BuildKit vulnerable to possible race condition with accessing subpaths from cache mounts
### Impact
Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container.

### Patches
The issue has been fixed in v0.12.5

### Workarounds
Avoid using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with `--mount=type=cache,source=...` options.

### References
https://www.openwall.com/lists/oss-security/2019/05/28/1

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23651.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23651.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-23651

reference_id

reference_type

scores

value	0.00548
scoring_system	epss
scoring_elements	0.67942
published_at	2026-04-18T12:55:00Z

value	0.00548
scoring_system	epss
scoring_elements	0.67929
published_at	2026-04-16T12:55:00Z

value	0.00548
scoring_system	epss
scoring_elements	0.67891
published_at	2026-04-13T12:55:00Z

value	0.00548
scoring_system	epss
scoring_elements	0.67853
published_at	2026-04-07T12:55:00Z

value	0.00548
scoring_system	epss
scoring_elements	0.67872
published_at	2026-04-04T12:55:00Z

value	0.00548
scoring_system	epss
scoring_elements	0.67903
published_at	2026-04-08T12:55:00Z

value	0.00548
scoring_system	epss
scoring_elements	0.67917
published_at	2026-04-09T12:55:00Z

value	0.00548
scoring_system	epss
scoring_elements	0.67927
published_at	2026-04-12T12:55:00Z

value	0.00548
scoring_system	epss
scoring_elements	0.67941
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-23651

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/moby/buildkit

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moby/buildkit

reference_url

https://github.com/moby/buildkit/pull/4604

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:46:26Z/

url

https://github.com/moby/buildkit/pull/4604

reference_url

https://github.com/moby/buildkit/releases/tag/v0.12.5

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:46:26Z/

url

https://github.com/moby/buildkit/releases/tag/v0.12.5

reference_url

https://github.com/moby/buildkit/security/advisories/GHSA-m3r6-h7wv-7xxv

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:46:26Z/

url

https://github.com/moby/buildkit/security/advisories/GHSA-m3r6-h7wv-7xxv

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-23651

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-23651

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2262224
reference_id	2262224
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2262224

reference_url	https://security.gentoo.org/glsa/202407-12
reference_id	GLSA-202407-12
reference_type
scores
url	https://security.gentoo.org/glsa/202407-12

reference_url	https://security.gentoo.org/glsa/202407-25
reference_id	GLSA-202407-25
reference_type
scores
url	https://security.gentoo.org/glsa/202407-25

reference_url	https://security.gentoo.org/glsa/202409-29
reference_id	GLSA-202409-29
reference_type
scores
url	https://security.gentoo.org/glsa/202409-29

reference_url	https://usn.ubuntu.com/7474-1/
reference_id	USN-7474-1
reference_type
scores
url	https://usn.ubuntu.com/7474-1/

fixed_packages

url	pkg:apk/alpine/podman@4.9.2-r0?arch=x86_64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/podman@4.9.2-r0?arch=x86_64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podman@4.9.2-r0%3Farch=x86_64&distroversion=v3.23&reponame=community

aliases CVE-2024-23651, GHSA-m3r6-h7wv-7xxv

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ba18-6srf-ufbu

url VCID-dmsf-7cxm-xff5

vulnerability_id VCID-dmsf-7cxm-xff5

summary

Buildkit's interactive containers API does not validate entitlements check
### Impact
In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request.

### Patches
The issue has been fixed in v0.12.5 .

### Workarounds
Avoid using BuildKit frontends from untrusted sources. A frontend image is usually specified as the `#syntax` line on your Dockerfile, or with `--frontend` flag when using `buildctl build` command.

### References

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23653.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23653.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-23653

reference_id

reference_type

scores

value	0.10301
scoring_system	epss
scoring_elements	0.93197
published_at	2026-04-18T12:55:00Z

value	0.10301
scoring_system	epss
scoring_elements	0.93156
published_at	2026-04-02T12:55:00Z

value	0.10301
scoring_system	epss
scoring_elements	0.9316
published_at	2026-04-04T12:55:00Z

value	0.10301
scoring_system	epss
scoring_elements	0.93158
published_at	2026-04-07T12:55:00Z

value	0.10301
scoring_system	epss
scoring_elements	0.93167
published_at	2026-04-08T12:55:00Z

value	0.10301
scoring_system	epss
scoring_elements	0.93171
published_at	2026-04-09T12:55:00Z

value	0.10301
scoring_system	epss
scoring_elements	0.93177
published_at	2026-04-11T12:55:00Z

value	0.10301
scoring_system	epss
scoring_elements	0.93175
published_at	2026-04-12T12:55:00Z

value	0.10301
scoring_system	epss
scoring_elements	0.93176
published_at	2026-04-13T12:55:00Z

value	0.10301
scoring_system	epss
scoring_elements	0.93192
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-23653

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/moby/buildkit

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/moby/buildkit

reference_url

https://github.com/moby/buildkit/commit/5026d95aa3336e97cfe46e3764f52d08bac7a10e

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/moby/buildkit/commit/5026d95aa3336e97cfe46e3764f52d08bac7a10e

reference_url

https://github.com/moby/buildkit/commit/92cc595cfb12891d4b3ae476e067c74250e4b71e

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/moby/buildkit/commit/92cc595cfb12891d4b3ae476e067c74250e4b71e

reference_url

https://github.com/moby/buildkit/pull/4602

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-23T18:03:21Z/

url

https://github.com/moby/buildkit/pull/4602

reference_url

https://github.com/moby/buildkit/releases/tag/v0.12.5

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-23T18:03:21Z/

url

https://github.com/moby/buildkit/releases/tag/v0.12.5

reference_url

https://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-23T18:03:21Z/

url

https://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-23653

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-23653

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2262226
reference_id	2262226
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2262226

reference_url	https://security.gentoo.org/glsa/202407-12
reference_id	GLSA-202407-12
reference_type
scores
url	https://security.gentoo.org/glsa/202407-12

reference_url	https://security.gentoo.org/glsa/202407-25
reference_id	GLSA-202407-25
reference_type
scores
url	https://security.gentoo.org/glsa/202407-25

reference_url	https://security.gentoo.org/glsa/202409-29
reference_id	GLSA-202409-29
reference_type
scores
url	https://security.gentoo.org/glsa/202409-29

fixed_packages

url	pkg:apk/alpine/podman@4.9.2-r0?arch=x86_64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/podman@4.9.2-r0?arch=x86_64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podman@4.9.2-r0%3Farch=x86_64&distroversion=v3.23&reponame=community

aliases CVE-2024-23653, GHSA-wr6v-9f75-vh2g

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dmsf-7cxm-xff5

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podman@4.9.2-r0%3Farch=x86_64&distroversion=v3.23&reponame=community

Package Instance