​
DirectorySecurity Advisories
Sign In
Security Advisories

CGA-pxv5-j3f8-xrpc

Published

Last updated

https://images.chainguard.dev/security/CGA-pxv5-j3f8-xrpc
Package

scorecard

Latest Update
Fixed
Fixed Version

4.13.1-r4

Aliases
  • CVE-2024-23650
  • GHSA-9p26-698r-w4hx

Severity

5.3

Medium

CVSS V3

Summary

BuildKit vulnerable to possible panic when incorrect parameters sent from frontend

Description

Impact

A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic.

Patches

The issue has been fixed in v0.12.5

Workarounds

Avoid using BuildKit frontends from untrusted sources. A frontend image is usually specified as the #syntax line on your Dockerfile, or with --frontend flag when using buildctl build command.

References

References

Updates

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsOpen SourceCareersNewsroomLegal

Resources

Unchained BlogResearchEventsTrust CenterDocumentation