​
DirectorySecurity Advisories
Sign In
Security Advisories

CGA-hc95-x7c3-393j

Published

Last updated

https://images.chainguard.dev/security/CGA-hc95-x7c3-393j
Package

kaniko

Latest Update
Fixed
Fixed Version

1.20.1-r0

Aliases
  • CVE-2024-23650
  • GHSA-9p26-698r-w4hx

Severity

5.3

Medium

CVSS V3

Summary

BuildKit vulnerable to possible panic when incorrect parameters sent from frontend

Description

Impact

A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic.

Patches

The issue has been fixed in v0.12.5

Workarounds

Avoid using BuildKit frontends from untrusted sources. A frontend image is usually specified as the #syntax line on your Dockerfile, or with --frontend flag when using buildctl build command.

References

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images