VYPR
Moderate severityNVD Advisory· Published Jan 31, 2024· Updated Nov 12, 2024

BuildKit possible panic when incorrect parameters sent from frontend

CVE-2024-23650

Description

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/moby/buildkitGo
< 0.12.50.12.5

Affected products

125

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.