{"url":"http://public2.vulnerablecode.io/api/packages/436075?format=json","purl":"pkg:apk/alpine/docker@25.0.2-r0?arch=riscv64&distroversion=v3.22&reponame=community","type":"apk","namespace":"alpine","name":"docker","version":"25.0.2-r0","qualifiers":{"arch":"riscv64","distroversion":"v3.22","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"26.0.0-r0","latest_non_vulnerable_version":"28.3.3-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14357?format=json","vulnerability_id":"VCID-9j8p-hqfn-q7bj","summary":"BuildKit vulnerable to possible host system access from mount stub cleaner\n### Impact\nA malicious BuildKit frontend or Dockerfile using `RUN --mount` could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system.\n\n### Patches\nThe issue has been fixed in v0.12.5\n\n### Workarounds\nAvoid using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing `RUN --mount` feature.\n\n### 
References","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23652.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23652.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23652","reference_id":"","reference_type":"","scores":[{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90437","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90441","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90428","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.9043","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90422","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90423","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90415","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90408","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90378","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90394","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.9039","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23652"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/
I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/buildkit","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit"},{"reference_url":"https://github.com/moby/buildkit/pull/4603","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:13:41Z/"}],"url":"https://github.com/moby/buildkit/pull/4603"},{"reference_url":"https://github.com/moby/buildkit/releases/tag/v0.12.5","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:13:41Z/"}],"url":"https://github.com/moby/buildkit/releases/tag/v0.12.5"},{"reference_url":"https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"CRITICAL","scoring_syste
m":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:13:41Z/"}],"url":"https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23652","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23652"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262225","reference_id":"2262225","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262225"},{"reference_url":"https://security.gentoo.org/glsa/202407-12","reference_id":"GLSA-202407-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-12"},{"reference_url":"https://security.gentoo.org/glsa/202407-25","reference_id":"GLSA-202407-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-25"},{"reference_url":"https://security.gentoo.org/glsa/202409-29","reference_id":"GLSA-202409-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-29"},{"reference_url":"https://usn.ubuntu.com/7474-1/","reference_id":"USN-7474-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7474-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/436075?format=json","purl":"pkg:apk/alpine/docker@25.0.2-r0?arch=riscv64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=riscv64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2024-23652","GHSA-4v98-7qmw-rqr8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url"
:"http://public2.vulnerablecode.io/vulnerabilities/VCID-9j8p-hqfn-q7bj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14344?format=json","vulnerability_id":"VCID-ba18-6srf-ufbu","summary":"BuildKit vulnerable to possible race condition with accessing subpaths from cache mounts\n### Impact\nTwo malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container.\n\n### Patches\nThe issue has been fixed in v0.12.5\n\n### Workarounds\nAvoid using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with `--mount=type=cache,source=...` options.\n\n### References\nhttps://www.openwall.com/lists/oss-security/2019/05/28/1","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23651.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23651.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23651","reference_id":"","reference_type":"","scores":[{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67872","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67903","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67853","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67967","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67923","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67942","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","s
coring_elements":"0.67929","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67891","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67927","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67941","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67917","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68451","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68456","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23651"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/buildkit","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit"},{"reference_url":"https://github.com/moby/buildkit/pull/4604","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:46:26Z/"}],"url":"https://github.com/moby/buildkit/pull/4604"},{"reference_url":"https://github.com/moby/buildkit/releases/tag/v0.12.5","reference
_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:46:26Z/"}],"url":"https://github.com/moby/buildkit/releases/tag/v0.12.5"},{"reference_url":"https://github.com/moby/buildkit/security/advisories/GHSA-m3r6-h7wv-7xxv","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:46:26Z/"}],"url":"https://github.com/moby/buildkit/security/advisories/GHSA-m3r6-h7wv-7xxv"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23651","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23651"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262224","reference_id":"2262224","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262224"},{"reference_url":"https://security.gentoo.org/glsa/202407-12","reference_id":"GLSA-202407-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-12"},{"reference_url":"https://security.gentoo.org/glsa/202407-25","reference_id":"GLSA-202407-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-25"},{"reference_url":"https://security.gentoo.org/glsa/202409-29","reference_id":"GLSA-202409-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa
/202409-29"},{"reference_url":"https://usn.ubuntu.com/7474-1/","reference_id":"USN-7474-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7474-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/436075?format=json","purl":"pkg:apk/alpine/docker@25.0.2-r0?arch=riscv64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=riscv64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2024-23651","GHSA-m3r6-h7wv-7xxv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ba18-6srf-ufbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14163?format=json","vulnerability_id":"VCID-dmsf-7cxm-xff5","summary":"Buildkit's interactive containers API does not validate entitlements check\n### Impact\nIn addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request.\n\n### Patches\nThe issue has been fixed in v0.12.5 .\n\n### Workarounds\nAvoid using BuildKit frontends from untrusted sources. 
A frontend image is usually specified as the `#syntax` line on your Dockerfile, or with `--frontend` flag when using `buildctl build` command.\n\n### References","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23653.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23653.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23653","reference_id":"","reference_type":"","scores":[{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93177","published_at":"2026-04-11T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93197","published_at":"2026-04-18T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93192","published_at":"2026-04-16T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93176","published_at":"2026-04-13T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93175","published_at":"2026-04-12T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93156","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.9316","published_at":"2026-04-04T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93158","published_at":"2026-04-07T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93167","published_at":"2026-04-08T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93171","published_at":"2026-04-09T12:55:00Z"},{"value":"0.1055","scoring_system":"epss","scoring_elements":"0.93296","published_at":"2026-04-21T12:55:00Z"},{"value":"0.1055","scoring_system":"epss","scoring_elements":"0.93294","published_at":"2026-04-29T12:55:00Z"},{"value":"0.1055","scoring_system":"epss"
,"scoring_elements":"0.93299","published_at":"2026-04-26T12:55:00Z"},{"value":"0.1055","scoring_system":"epss","scoring_elements":"0.93302","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23653"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/buildkit","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit"},{"reference_url":"https://github.com/moby/buildkit/commit/5026d95aa3336e97cfe46e3764f52d08bac7a10e","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit/commit/5026d95aa3336e97cfe46e3764f52d08bac7a10e"},{"reference_url":"https://github.com/moby/buildkit/commit/92cc595cfb12891d4b3ae476e067c74250e4b71e","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit/commit/92cc595cfb12891d4b3ae476e067c74250e4b71e"},{"reference_url":"https://github.com/moby/buildkit/pull/4602","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scorin
g_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-23T18:03:21Z/"}],"url":"https://github.com/moby/buildkit/pull/4602"},{"reference_url":"https://github.com/moby/buildkit/releases/tag/v0.12.5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-23T18:03:21Z/"}],"url":"https://github.com/moby/buildkit/releases/tag/v0.12.5"},{"reference_url":"https://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-23T18:03:21Z/"}],"url":"https://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23653","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23653"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262226","reference_id":"2262226","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262226"},{"reference_url":"https://security.gentoo.org/glsa/202407-12","reference_id":"GLSA-202407-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-12"},{"reference_url":"https:
//security.gentoo.org/glsa/202407-25","reference_id":"GLSA-202407-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-25"},{"reference_url":"https://security.gentoo.org/glsa/202409-29","reference_id":"GLSA-202409-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/436075?format=json","purl":"pkg:apk/alpine/docker@25.0.2-r0?arch=riscv64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=riscv64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2024-23653","GHSA-wr6v-9f75-vh2g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dmsf-7cxm-xff5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14261?format=json","vulnerability_id":"VCID-f5eu-ram7-v3fr","summary":"BuildKit vulnerable to possible panic when incorrect parameters sent from frontend\n### Impact\nA malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic.\n\n### Patches\nThe issue has been fixed in v0.12.5\n\n### Workarounds\nAvoid using BuildKit frontends from untrusted sources. A frontend image is usually specified as the `#syntax` line on your Dockerfile, or with `--frontend` flag when using `buildctl build` command. 
\n\n### References","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23650.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23650.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23650","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28927","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29001","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29112","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29328","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29231","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29301","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29275","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29405","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29454","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29266","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29331","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29371","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29375","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23650"},{"reference_url":"
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/buildkit","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit"},{"reference_url":"https://github.com/moby/buildkit/commit/481d9c45f473c58537f39694a38d7995cc656987","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit/commit/481d9c45f473c58537f39694a38d7995cc656987"},{"reference_url":"https://github.com/moby/buildkit/commit/7718bd5c3dc8fc5cd246a30cc41766e7a53c043c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit/commit/7718bd5c3dc8fc5cd246a30cc41766e7a53c043c"},{"reference_url":"https://github.com/moby/buildkit/commit/83edaef59d545b93e2750f1f85675a3764593fee","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit/commit/83edaef59d545b93e2750f1f85675a3764593fee"},{"reference_url":"https://github.com/moby/buildkit/commit/96663dd35bf3787d7efb1
ee7fd9ac7fe533582ae","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit/commit/96663dd35bf3787d7efb1ee7fd9ac7fe533582ae"},{"reference_url":"https://github.com/moby/buildkit/commit/e1924dc32da35bfb0bfdbb9d0fc7bca25e552330","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit/commit/e1924dc32da35bfb0bfdbb9d0fc7bca25e552330"},{"reference_url":"https://github.com/moby/buildkit/pull/4601","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T20:14:10Z/"}],"url":"https://github.com/moby/buildkit/pull/4601"},{"reference_url":"https://github.com/moby/buildkit/releases/tag/v0.12.5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T20:14:10Z/"}],"url":"https://github.com/moby/buildkit/releases/tag/v0.12.5"},{"reference_url":"https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"M
ODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T20:14:10Z/"}],"url":"https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23650","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23650"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262272","reference_id":"2262272","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262272"},{"reference_url":"https://security.gentoo.org/glsa/202409-29","reference_id":"GLSA-202409-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2988","reference_id":"RHSA-2024:2988","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2988"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/436075?format=json","purl":"pkg:apk/alpine/docker@25.0.2-r0?arch=riscv64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=riscv64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2024-23650","GHSA-9p26-698r-w4hx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f5eu-ram7-v3fr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15326?format=json","vulnerability_id":"VCID-njcw-wc13-dqcz","summary":"Classic builder cache poisoning\nThe classic builder cache system is prone to cache 
poisoning if the image is built `FROM scratch`.\nAlso, changes to some instructions (the most important being `HEALTHCHECK` and `ONBUILD`) would not cause a cache miss.\n\n\nAn attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps.\n\nFor example, an attacker could create an image that is considered as a valid cache candidate for:\n```\nFROM scratch\nMAINTAINER Pawel\n```\n\nwhen in fact the malicious image used as a cache would be an image built from a different Dockerfile.\n\nIn the second case, the attacker could for example substitute a different `HEALTHCHECK` command.\n\n\n### Impact\n\n23.0+ users are only affected if they explicitly opted out of Buildkit (`DOCKER_BUILDKIT=0` environment variable) or are using the `/build` API endpoint (which uses the classic builder by default).\n\nAll users on versions older than 23.0 could be impacted. An example could be a CI with a shared cache, or just a regular Docker user pulling a malicious image due to misspelling/typosquatting.\n\nImage build API endpoint (`/build`) and `ImageBuild` function from `github.com/docker/docker/client` are also affected as they use the classic builder by default. 
\n\n\n### Patches\n\nPatches are included in Moby releases:\n\n- v25.0.2\n- v24.0.9\n- v23.0.10\n\n### Workarounds\n\n- Use `--no-cache` or use Buildkit if possible (`DOCKER_BUILDKIT=1`, it's default on 23.0+ assuming that the buildx plugin is installed).\n- Use `Version = types.BuilderBuildKit` or `NoCache = true` in `ImageBuildOptions` for `ImageBuild` call.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24557.json","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24557.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24557","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24112","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24154","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24167","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24292","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24317","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24328","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2431","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24367","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24409","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24392","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_element
s":"0.24348","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24281","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24464","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24498","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24557"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24557","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24557"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T15:20:50Z/"}],"url":"https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae"},{"reference_url":"https://github.com/moby/moby/commit/fca702de7f71362c8d103073c7e4a1d0a467fadd","reference_id":"","reference_type":"","scores":[{"value":"6.9","
scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/commit/fca702de7f71362c8d103073c7e4a1d0a467fadd"},{"reference_url":"https://github.com/moby/moby/commit/fce6e0ca9bc000888de3daa157af14fa41fcd0ff","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/commit/fce6e0ca9bc000888de3daa157af14fa41fcd0ff"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T15:20:50Z/"}],"url":"https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24557","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24557"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071745","reference_id":"1071745","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071745"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262352","reference_id":"2262352","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262352"},{"reference_url":"https://security.gentoo.org/gl
sa/202409-29","reference_id":"GLSA-202409-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11749","reference_id":"RHSA-2025:11749","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11749"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9340","reference_id":"RHSA-2025:9340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9340"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/436075?format=json","purl":"pkg:apk/alpine/docker@25.0.2-r0?arch=riscv64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=riscv64&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2024-24557","GHSA-xw73-rw38-6vjc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-njcw-wc13-dqcz"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@25.0.2-r0%3Farch=riscv64&distroversion=v3.22&reponame=community"}