Vulnerabilities > CVE-2024-23650 - Improper Check for Unusual or Exceptional Conditions vulnerability in Mobyproject Buildkit

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

network

low complexity

mobyproject

CWE-754

NVD

Published: 2024-01-31

Updated: 2024-02-09

Summary

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.

Vulnerable Configurations

Part	Description	Count
Application	Mobyproject Mobyproject Buildkit 0.10.0 Mobyproject Buildkit 0.10.1 Mobyproject Buildkit 0.10.2 Mobyproject Buildkit 0.10.3 Mobyproject Buildkit 0.10.4 Mobyproject Buildkit 0.10.5 Mobyproject Buildkit 0.10.6 Mobyproject Buildkit 0.11.0 Mobyproject Buildkit 0.11.1 Mobyproject Buildkit 0.11.2 Mobyproject Buildkit 0.11.3 Mobyproject Buildkit 0.11.4 Mobyproject Buildkit 0.11.5 Mobyproject Buildkit 0.11.6 Mobyproject Buildkit 0.12.0 Mobyproject Buildkit 0.12.1 Mobyproject Buildkit 0.12.2 Mobyproject Buildkit 0.12.3 Mobyproject Buildkit 0.12.4	27

Common Weakness Enumeration (CWE)

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References