BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.
References
Link | Resource |
---|---|
https://github.com/moby/buildkit/pull/4601 | Patch Vendor Advisory |
https://github.com/moby/buildkit/releases/tag/v0.12.5 | Patch Release Notes |
https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx | Vendor Advisory |
Configurations
History
09 Feb 2024, 01:38
Type | Values Removed | Values Added |
---|---|---|
First Time |
Mobyproject
Mobyproject buildkit |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
References | () https://github.com/moby/buildkit/releases/tag/v0.12.5 - Patch, Release Notes | |
References | () https://github.com/moby/buildkit/pull/4601 - Patch, Vendor Advisory | |
References | () https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx - Vendor Advisory | |
CPE | cpe:2.3:a:mobyproject:buildkit:*:*:*:*:*:*:*:* |
31 Jan 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-31 22:15
Updated : 2024-02-28 20:54
NVD link : CVE-2024-23650
Mitre link : CVE-2024-23650
CVE.ORG link : CVE-2024-23650
JSON object : View
Products Affected
mobyproject
- buildkit
CWE
CWE-754
Improper Check for Unusual or Exceptional Conditions