5.3
CVSS V3
BuildKit vulnerable to possible panic when incorrect parameters sent from frontend
A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic.
The issue has been fixed in v0.12.5
Avoid using BuildKit frontends from untrusted sources. A frontend image is usually specified as the #syntax line on your Dockerfile, or with --frontend flag when using buildctl build command.
