Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-njcw-wc13-dqcz

Summary

Classic builder cache poisoning
The classic builder cache system is prone to cache poisoning if the image is built `FROM scratch`.
Also, changes to some instructions (most important being `HEALTHCHECK` and `ONBUILD`) would not cause a cache miss.

An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps.

For example, an attacker could create an image that is considered as a valid cache candidate for:
```
FROM scratch
MAINTAINER Pawel
```

when in fact the malicious image used as a cache would be an image built from a different Dockerfile.

In the second case, the attacker could for example substitute a different `HEALTCHECK` command.

### Impact

23.0+ users are only affected if they explicitly opted out of Buildkit (`DOCKER_BUILDKIT=0` environment variable) or are using the `/build` API endpoint (which uses the classic builder by default).

All users on versions older than 23.0 could be impacted. An example could be a CI with a shared cache, or just a regular Docker user pulling a malicious image due to misspelling/typosquatting.

Image build API endpoint (`/build`) and `ImageBuild` function from `github.com/docker/docker/client` is also affected as it the uses classic builder by default.

### Patches

Patches are included in Moby releases:

- v25.0.2
- v24.0.9
- v23.0.10

### Workarounds

- Use `--no-cache` or use Buildkit if possible (`DOCKER_BUILDKIT=1`, it's default on 23.0+ assuming that the buildx plugin is installed).
- Use `Version = types.BuilderBuildKit` or `NoCache = true` in `ImageBuildOptions` for `ImageBuild` call.

Aliases

alias	CVE-2024-24557

alias	GHSA-xw73-rw38-6vjc

Fixed_packages

url	pkg:apk/alpine/docker@25.0.2-r0?arch=s390x&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=s390x&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=s390x&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=armv7&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=armv7&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=aarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=riscv64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=s390x&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=s390x&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=s390x&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=x86&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=x86&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=x86&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=armhf&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=armhf&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=armhf&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=armv7&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=armv7&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=armv7&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=x86&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=x86&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=x86&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=x86_64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=x86_64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=x86_64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=ppc64le&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=ppc64le&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=ppc64le&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=s390x&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=s390x&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=s390x&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=aarch64&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=armv7&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=armv7&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=ppc64le&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=ppc64le&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=ppc64le&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=s390x&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=s390x&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=s390x&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=x86&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=x86&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=x86&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=armv7&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=armv7&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=armv7&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=ppc64le&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=ppc64le&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=ppc64le&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=riscv64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=riscv64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=riscv64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=x86&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=x86&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=x86&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=x86_64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=x86_64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=x86_64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=aarch64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=aarch64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=aarch64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=riscv64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=riscv64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=riscv64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=x86_64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=x86_64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=x86_64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=aarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=aarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=aarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=armhf&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=armhf&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=armhf&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=x86&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=x86&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=x86&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=armhf&distroversion=edge&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=armhf&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=armhf&distroversion=edge&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=riscv64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=riscv64&distroversion=edge&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=s390x&distroversion=edge&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=s390x&distroversion=edge&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=armv7&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=armv7&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=armv7&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=x86_64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=x86_64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=x86_64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=x86_64&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=x86_64&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=x86_64&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=aarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=aarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=aarch64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=armhf&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=armhf&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=armhf&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=loongarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=loongarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=s390x&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=s390x&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=s390x&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=armhf&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=armhf&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=armhf&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=loongarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=loongarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=ppc64le&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=ppc64le&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=riscv64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=riscv64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=riscv64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=s390x&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=s390x&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=s390x&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=armv7&distroversion=edge&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=armv7&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=armv7&distroversion=edge&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=loongarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=loongarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=loongarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=ppc64le&distroversion=edge&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=ppc64le&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=ppc64le&distroversion=edge&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=x86&distroversion=edge&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=x86_64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=x86_64&distroversion=edge&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=aarch64&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=aarch64&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=aarch64&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=armhf&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=armhf&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=armhf&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=x86&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=x86&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=x86&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=x86_64&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=x86_64&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=x86_64&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=aarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=aarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=aarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=armhf&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=armhf&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=armv7&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=armv7&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=armv7&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=loongarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=loongarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/docker@25.0.2-r0?arch=ppc64le&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/docker@25.0.2-r0?arch=ppc64le&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community

url	pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1
purl	pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1

url	pkg:deb/debian/docker.io@26.1.4%2Bdfsg1-9?distro=trixie
purl	pkg:deb/debian/docker.io@26.1.4%2Bdfsg1-9?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.4%252Bdfsg1-9%3Fdistro=trixie

url	pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9
purl	pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9

url	pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie
purl	pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie

url	pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie
purl	pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie

url	pkg:ebuild/app-containers/docker@25.0.4
purl	pkg:ebuild/app-containers/docker@25.0.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/docker@25.0.4

Affected_packages

url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sky-21r5-3qcu

vulnerability	VCID-6tg9-3vhh-muae

vulnerability	VCID-8e1u-z6kg-ryhc

vulnerability	VCID-avqu-wswg-c3ga

vulnerability	VCID-b2qe-8u58-2qck

vulnerability	VCID-bzeb-kj67-vfds

vulnerability	VCID-e82r-vc77-f7bz

vulnerability	VCID-njcw-wc13-dqcz

vulnerability	VCID-quyf-eq2s-dbda

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2

purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sky-21r5-3qcu

vulnerability	VCID-41ft-14gt-bbbq

vulnerability	VCID-6tg9-3vhh-muae

vulnerability	VCID-8e1u-z6kg-ryhc

vulnerability	VCID-avqu-wswg-c3ga

vulnerability	VCID-b2qe-8u58-2qck

vulnerability	VCID-bzeb-kj67-vfds

vulnerability	VCID-e82r-vc77-f7bz

vulnerability	VCID-njcw-wc13-dqcz

vulnerability	VCID-quyf-eq2s-dbda

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2

url pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sky-21r5-3qcu

vulnerability	VCID-6tg9-3vhh-muae

vulnerability	VCID-8e1u-z6kg-ryhc

vulnerability	VCID-b2qe-8u58-2qck

vulnerability	VCID-njcw-wc13-dqcz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1

purl pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sky-21r5-3qcu

vulnerability	VCID-6tg9-3vhh-muae

vulnerability	VCID-8e1u-z6kg-ryhc

vulnerability	VCID-b2qe-8u58-2qck

vulnerability	VCID-njcw-wc13-dqcz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24557.json

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24557.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-24557

reference_id

reference_type

scores

value	0.00083
scoring_system	epss
scoring_elements	0.24292
published_at	2026-04-21T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24317
published_at	2026-04-18T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24328
published_at	2026-04-16T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.2431
published_at	2026-04-13T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24367
published_at	2026-04-12T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24409
published_at	2026-04-11T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24392
published_at	2026-04-09T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24348
published_at	2026-04-08T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24281
published_at	2026-04-07T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24498
published_at	2026-04-04T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24464
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-24557

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24557
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24557

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/moby/moby

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moby/moby

reference_url

https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T15:20:50Z/

url

https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae

reference_url

https://github.com/moby/moby/commit/fca702de7f71362c8d103073c7e4a1d0a467fadd

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moby/moby/commit/fca702de7f71362c8d103073c7e4a1d0a467fadd

reference_url

https://github.com/moby/moby/commit/fce6e0ca9bc000888de3daa157af14fa41fcd0ff

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moby/moby/commit/fce6e0ca9bc000888de3daa157af14fa41fcd0ff

reference_url

https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T15:20:50Z/

url

https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-24557

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-24557

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071745
reference_id	1071745
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071745

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2262352
reference_id	2262352
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2262352

reference_url	https://security.gentoo.org/glsa/202409-29
reference_id	GLSA-202409-29
reference_type
scores
url	https://security.gentoo.org/glsa/202409-29

reference_url	https://access.redhat.com/errata/RHSA-2025:11749
reference_id	RHSA-2025:11749
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11749

reference_url	https://access.redhat.com/errata/RHSA-2025:9340
reference_id	RHSA-2025:9340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9340

Weaknesses

cwe_id	345
name	Insufficient Verification of Data Authenticity
description	The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

cwe_id	346
name	Origin Validation Error
description	The product does not properly verify that the source of data or communication is valid.

cwe_id	494
name	Download of Code Without Integrity Check
description	The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-njcw-wc13-dqcz

Vulnerability Instance