conftest-fips
0.48.0-r2
10.0
CVSS V3
BuildKit vulnerable to possible host system access from mount stub cleaner
A malicious BuildKit frontend or Dockerfile using RUN --mount
could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system.
The issue has been fixed in v0.12.5
Avoid using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing RUN --mount
feature.