VYPR

Go modules package

github.com/moby/buildkit

pkg:golang/github.com/moby/buildkit

Vulnerabilities (7)

  • CVE-2026-33748HigMar 27, 2026
    affected < 0.28.1fixed 0.28.1

    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Pos

  • CVE-2026-33747HigMar 27, 2026
    affected < 0.28.1fixed 0.28.1

    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit sta

  • CVE-2024-23653Jan 31, 2024
    affected < 0.12.5fixed 0.12.5

    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use th

  • CVE-2024-23652Jan 31, 2024
    affected < 0.12.5fixed 0.12.5

    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file o

  • CVE-2024-23651Jan 31, 2024
    affected < 0.12.5fixed 0.12.5

    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host syste

  • CVE-2024-23650Jan 31, 2024
    affected < 0.12.5fixed 0.12.5

    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a

  • CVE-2023-26054Mar 6, 2023
    affected >= 0.10.0, < 0.11.4fixed 0.11.4

    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describ