{"url":"http://public2.vulnerablecode.io/api/packages/490783?format=json","purl":"pkg:apk/alpine/buildkit@0.12.5-r0?arch=armhf&distroversion=v3.22&reponame=community","type":"apk","namespace":"alpine","name":"buildkit","version":"0.12.5-r0","qualifiers":{"arch":"armhf","distroversion":"v3.22","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14357?format=json","vulnerability_id":"VCID-9j8p-hqfn-q7bj","summary":"BuildKit vulnerable to possible host system access from mount stub cleaner\n### Impact\nA malicious BuildKit frontend or Dockerfile using `RUN --mount` could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system.\n\n### Patches\nThe issue has been fixed in v0.12.5.\n\n### Workarounds\nAvoid using a BuildKit frontend from an untrusted source or building an untrusted Dockerfile that uses the `RUN --mount` feature.\n\n### 
References","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23652.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23652.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23652","reference_id":"","reference_type":"","scores":[{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90437","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90441","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90428","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.9043","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90422","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90423","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90415","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90408","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90378","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90394","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.9039","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23652"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/
I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/buildkit","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit"},{"reference_url":"https://github.com/moby/buildkit/pull/4603","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:13:41Z/"}],"url":"https://github.com/moby/buildkit/pull/4603"},{"reference_url":"https://github.com/moby/buildkit/releases/tag/v0.12.5","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:13:41Z/"}],"url":"https://github.com/moby/buildkit/releases/tag/v0.12.5"},{"reference_url":"https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"CRITICAL","scoring_syste
m":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:13:41Z/"}],"url":"https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23652","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23652"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262225","reference_id":"2262225","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262225"},{"reference_url":"https://security.gentoo.org/glsa/202407-12","reference_id":"GLSA-202407-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-12"},{"reference_url":"https://security.gentoo.org/glsa/202407-25","reference_id":"GLSA-202407-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-25"},{"reference_url":"https://security.gentoo.org/glsa/202409-29","reference_id":"GLSA-202409-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-29"},{"reference_url":"https://usn.ubuntu.com/7474-1/","reference_id":"USN-7474-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7474-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/490783?format=json","purl":"pkg:apk/alpine/buildkit@0.12.5-r0?arch=armhf&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildkit@0.12.5-r0%3Farch=armhf&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2024-23652","GHSA-4v98-7qmw-rqr8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url"
:"http://public2.vulnerablecode.io/vulnerabilities/VCID-9j8p-hqfn-q7bj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14344?format=json","vulnerability_id":"VCID-ba18-6srf-ufbu","summary":"BuildKit vulnerable to possible race condition with accessing subpaths from cache mounts\n### Impact\nTwo malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container.\n\n### Patches\nThe issue has been fixed in v0.12.5\n\n### Workarounds\nAvoid using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with `--mount=type=cache,source=...` options.\n\n### References\nhttps://www.openwall.com/lists/oss-security/2019/05/28/1","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23651.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23651.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23651","reference_id":"","reference_type":"","scores":[{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67872","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67903","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67853","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67967","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67923","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67942","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","s
coring_elements":"0.67929","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67891","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67927","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67941","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67917","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68451","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68456","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23651"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/buildkit","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit"},{"reference_url":"https://github.com/moby/buildkit/pull/4604","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:46:26Z/"}],"url":"https://github.com/moby/buildkit/pull/4604"},{"reference_url":"https://github.com/moby/buildkit/releases/tag/v0.12.5","reference
_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:46:26Z/"}],"url":"https://github.com/moby/buildkit/releases/tag/v0.12.5"},{"reference_url":"https://github.com/moby/buildkit/security/advisories/GHSA-m3r6-h7wv-7xxv","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:46:26Z/"}],"url":"https://github.com/moby/buildkit/security/advisories/GHSA-m3r6-h7wv-7xxv"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23651","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23651"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262224","reference_id":"2262224","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262224"},{"reference_url":"https://security.gentoo.org/glsa/202407-12","reference_id":"GLSA-202407-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-12"},{"reference_url":"https://security.gentoo.org/glsa/202407-25","reference_id":"GLSA-202407-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-25"},{"reference_url":"https://security.gentoo.org/glsa/202409-29","reference_id":"GLSA-202409-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa
/202409-29"},{"reference_url":"https://usn.ubuntu.com/7474-1/","reference_id":"USN-7474-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7474-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/490783?format=json","purl":"pkg:apk/alpine/buildkit@0.12.5-r0?arch=armhf&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildkit@0.12.5-r0%3Farch=armhf&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2024-23651","GHSA-m3r6-h7wv-7xxv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ba18-6srf-ufbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14163?format=json","vulnerability_id":"VCID-dmsf-7cxm-xff5","summary":"Buildkit's interactive containers API does not validate entitlements check\n### Impact\nIn addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if the special `security.insecure` entitlement is both enabled by the buildkitd configuration and allowed by the user initializing the build request.\n\n### Patches\nThe issue has been fixed in v0.12.5.\n\n### Workarounds\nAvoid using BuildKit frontends from untrusted sources. 
A frontend image is usually specified as the `#syntax` line on your Dockerfile, or with `--frontend` flag when using `buildctl build` command.\n\n### References","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23653.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23653.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23653","reference_id":"","reference_type":"","scores":[{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93177","published_at":"2026-04-11T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93197","published_at":"2026-04-18T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93192","published_at":"2026-04-16T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93176","published_at":"2026-04-13T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93175","published_at":"2026-04-12T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93156","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.9316","published_at":"2026-04-04T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93158","published_at":"2026-04-07T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93167","published_at":"2026-04-08T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93171","published_at":"2026-04-09T12:55:00Z"},{"value":"0.1055","scoring_system":"epss","scoring_elements":"0.93296","published_at":"2026-04-21T12:55:00Z"},{"value":"0.1055","scoring_system":"epss","scoring_elements":"0.93294","published_at":"2026-04-29T12:55:00Z"},{"value":"0.1055","scoring_system":"epss"
,"scoring_elements":"0.93299","published_at":"2026-04-26T12:55:00Z"},{"value":"0.1055","scoring_system":"epss","scoring_elements":"0.93302","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23653"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/buildkit","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit"},{"reference_url":"https://github.com/moby/buildkit/commit/5026d95aa3336e97cfe46e3764f52d08bac7a10e","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit/commit/5026d95aa3336e97cfe46e3764f52d08bac7a10e"},{"reference_url":"https://github.com/moby/buildkit/commit/92cc595cfb12891d4b3ae476e067c74250e4b71e","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit/commit/92cc595cfb12891d4b3ae476e067c74250e4b71e"},{"reference_url":"https://github.com/moby/buildkit/pull/4602","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scorin
g_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-23T18:03:21Z/"}],"url":"https://github.com/moby/buildkit/pull/4602"},{"reference_url":"https://github.com/moby/buildkit/releases/tag/v0.12.5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-23T18:03:21Z/"}],"url":"https://github.com/moby/buildkit/releases/tag/v0.12.5"},{"reference_url":"https://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-23T18:03:21Z/"}],"url":"https://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23653","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23653"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262226","reference_id":"2262226","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262226"},{"reference_url":"https://security.gentoo.org/glsa/202407-12","reference_id":"GLSA-202407-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-12"},{"reference_url":"https:
//security.gentoo.org/glsa/202407-25","reference_id":"GLSA-202407-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-25"},{"reference_url":"https://security.gentoo.org/glsa/202409-29","reference_id":"GLSA-202409-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/490783?format=json","purl":"pkg:apk/alpine/buildkit@0.12.5-r0?arch=armhf&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildkit@0.12.5-r0%3Farch=armhf&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2024-23653","GHSA-wr6v-9f75-vh2g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dmsf-7cxm-xff5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14261?format=json","vulnerability_id":"VCID-f5eu-ram7-v3fr","summary":"BuildKit vulnerable to possible panic when incorrect parameters sent from frontend\n### Impact\nA malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic.\n\n### Patches\nThe issue has been fixed in v0.12.5\n\n### Workarounds\nAvoid using BuildKit frontends from untrusted sources. A frontend image is usually specified as the `#syntax` line on your Dockerfile, or with `--frontend` flag when using `buildctl build` command. 
\n\n### References","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23650.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23650.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23650","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28927","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29001","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29112","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29328","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29231","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29301","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29275","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29405","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29454","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29266","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29331","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29371","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29375","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23650"},{"reference_url":"
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/buildkit","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit"},{"reference_url":"https://github.com/moby/buildkit/commit/481d9c45f473c58537f39694a38d7995cc656987","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit/commit/481d9c45f473c58537f39694a38d7995cc656987"},{"reference_url":"https://github.com/moby/buildkit/commit/7718bd5c3dc8fc5cd246a30cc41766e7a53c043c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit/commit/7718bd5c3dc8fc5cd246a30cc41766e7a53c043c"},{"reference_url":"https://github.com/moby/buildkit/commit/83edaef59d545b93e2750f1f85675a3764593fee","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit/commit/83edaef59d545b93e2750f1f85675a3764593fee"},{"reference_url":"https://github.com/moby/buildkit/commit/96663dd35bf3787d7efb1
ee7fd9ac7fe533582ae","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit/commit/96663dd35bf3787d7efb1ee7fd9ac7fe533582ae"},{"reference_url":"https://github.com/moby/buildkit/commit/e1924dc32da35bfb0bfdbb9d0fc7bca25e552330","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit/commit/e1924dc32da35bfb0bfdbb9d0fc7bca25e552330"},{"reference_url":"https://github.com/moby/buildkit/pull/4601","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T20:14:10Z/"}],"url":"https://github.com/moby/buildkit/pull/4601"},{"reference_url":"https://github.com/moby/buildkit/releases/tag/v0.12.5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T20:14:10Z/"}],"url":"https://github.com/moby/buildkit/releases/tag/v0.12.5"},{"reference_url":"https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"M
ODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T20:14:10Z/"}],"url":"https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23650","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23650"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262272","reference_id":"2262272","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262272"},{"reference_url":"https://security.gentoo.org/glsa/202409-29","reference_id":"GLSA-202409-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2988","reference_id":"RHSA-2024:2988","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2988"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/490783?format=json","purl":"pkg:apk/alpine/buildkit@0.12.5-r0?arch=armhf&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildkit@0.12.5-r0%3Farch=armhf&distroversion=v3.22&reponame=community"}],"aliases":["CVE-2024-23650","GHSA-9p26-698r-w4hx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f5eu-ram7-v3fr"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildkit@0.12.5-r0%3Farch=armhf&distroversion=v3.22&reponame=community"}