{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T20:03:46.107","vulnerabilities":[{"cve":{"id":"CVE-2024-23650","sourceIdentifier":"security-advisories@github.com","published":"2024-01-31T22:15:53.990","lastModified":"2026-06-17T07:13:18.483","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.\n"},{"lang":"es","value":"BuildKit es un conjunto de herramientas para convertir código fuente para crear artefactos de manera eficiente, expresiva y repetible. Un cliente o interfaz de BuildKit malicioso podría crear una solicitud que podría provocar que el daemon BuildKit se bloquee en pánico. El problema se solucionó en v0.12.5. Como workaround, evite utilizar interfaces BuildKit de fuentes que no sean de confianza."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"moby","product":"buildkit","versions":[{"version":"< 0.12.5","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"moby","product":"buildkit","defaultStatus":"unknown","cpes":["cpe:2.3:a:moby:buildkit:*:*:*:*:*:*:*:*"],"versions":[{"version":"0","lessThan":"0.12.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-11-12T20:14:10.344196Z","id":"CVE-2024-23650","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mobyproject:buildkit:*:*:*:*:*:*:*:*","versionEndExcluding":"0.12.5","matchCriteriaId":"0AAE2F08-4E4D-4B85-8230-8D5BA7788D3D"}]}]}],"references":[{"url":"https://github.com/moby/buildkit/pull/4601","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/moby/buildkit/releases/tag/v0.12.5","source":"security-advisories@github.com","tags":["Patch","Release Notes"]},{"url":"https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/moby/buildkit/pull/4601","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/moby/buildkit/releases/tag/v0.12.5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes"]},{"url":"https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}