Vulnerabilities > CVE-2024-23650 - Unspecified vulnerability in Mobyproject Buildkit

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

network

low complexity

mobyproject

NVD

Published: 2024-01-31

Updated: 2024-11-21

Summary

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.

Vulnerable Configurations

Part	Description	Count
Application	Mobyproject Mobyproject Buildkit 0.10.0 Mobyproject Buildkit 0.10.1 Mobyproject Buildkit 0.10.2 Mobyproject Buildkit 0.10.3 Mobyproject Buildkit 0.10.4 Mobyproject Buildkit 0.10.5 Mobyproject Buildkit 0.10.6 Mobyproject Buildkit 0.11.0 Mobyproject Buildkit 0.11.1 Mobyproject Buildkit 0.11.2 Mobyproject Buildkit 0.11.3 Mobyproject Buildkit 0.11.4 Mobyproject Buildkit 0.11.5 Mobyproject Buildkit 0.11.6 Mobyproject Buildkit 0.12.0 Mobyproject Buildkit 0.12.1 Mobyproject Buildkit 0.12.2 Mobyproject Buildkit 0.12.3 Mobyproject Buildkit 0.12.4	27

Summary

Vulnerable Configurations

References