[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-23652":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":41,"duplicate_of":9,"upstream":44,"downstream":45,"duplicates":76,"related":77,"reserved_at":9,"published_at":119,"modified_at":120,"state":121,"summary":122,"references_raw":131,"kevs":163,"epss":164,"epss_history":167,"metrics":428,"affected":440},"CVE-2024-23652","BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontends from an untrusted source or building an untrusted Dockerfile containing RUN --mount feature.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[],[42,43],"GHSA-4v98-7qmw-rqr8","GO-2024-2494",[],[46,48,50,52,54,56,58,60,62,64,66,68,70,72,74],{"_key":47},"SUSE-SU-2024:0586-2",{"_key":49},"SUSE-SU-2024:0587-1",{"_key":51},"SUSE-SU-2024:1469-1",{"_key":53},"SUSE-SU-2025:03540-1",{"_key":55},"UBUNTU-CVE-2024-23652",{"_key":57},"SUSE-SU-2024:0586-1",{"_key":59},"SUSE-SU-2024:3120-1",{"_key":61},"OPENSUSE-SU-2024:13651-1",{"_key":63},"OPENSUSE-SU-2024:13689-1",{"_key":65},"OPENSUSE-SU-2024:14059-1",{"_key":67},"SUSE-SU-2025:20056-1",{"_key":69},"SUSE-SU-2025:20107-1",{"_key":71},"SUSE-SU-2025:03545-1",{"_key":73},"OPENSUSE-SU-2025:15589-1",{"_key":75},"USN-7474-1",[],[78,79,80,81,82,83,84,85,86,87,88,89,90,91,93,95,97,99,101,103,105,107,109,111,113,115,117],{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":73},{"_key":92},"CGA-2CV7-75Q6-CVRQ",{"_key":94},"CGA-4V29-M22X-5M58",{"_key":96},"CGA-7VXC-HP2W-725J",{"_key":98},"CGA-7WR2-GXV6-5G96",{"_key":100},"CGA-9RHV-6X5X-P3WH",{"_key":102},"CGA-CF38-MJ9P-M2H7",{"_key":104},"CGA-HQHV-F77R-CQ7C",{"_key":106},"CGA-JH3P-VG64-HM2M",{"_key":108},"CGA-M737-5XV8-M883",{"_key":110},"CGA-MP67-G995-65F4",{"_key":112},"CGA-RPW2-9V92-4G7F",{"_key":114},"CGA-WGV3-9HRX-GJ3G",{"_key":116},"CGA-X5PW-XWXW-P7JX",{"_key":118},"CGA-HF9M-RH54-HC2X","2024-01-31T21:57:42.774Z","2025-06-17T21:29:21.838Z","Modified",{"cisa_kev":123,"cisa_ransomware":123,"cisa_vendor":9,"epss_severity":124,"epss_score":125,"severity":126,"severity_score":127,"severity_version":128,"severity_source":129,"severity_vector":130,"severity_status":121},false,"low",0.05701,"critical",10,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H",[132,142,149,154,158],{"url":133,"sources":134,"tags":137},"https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8",[129,135,136],"nvd","osv_go",[138,139,140,141],"X Refsource CONFIRM","Vendor Advisory","WEB","Advisory",{"url":143,"sources":144,"tags":145},"https://github.com/moby/buildkit/pull/4603",[129,135,136],[146,147,139,140,148],"X Refsource MISC","Patch","FIX",{"url":150,"sources":151,"tags":152},"https://github.com/moby/buildkit/releases/tag/v0.12.5",[129,135,136],[146,147,153,140],"Release Notes",{"url":155,"sources":156,"tags":157},"https://nvd.nist.gov/vuln/detail/CVE-2024-23652",[136],[141],{"url":159,"sources":160,"tags":161},"https://github.com/moby/buildkit",[136],[162],"PACKAGE",[],{"date":165,"score":125,"percentile":166},"2026-06-04",0.90574,[168,172,175,178,181,184,186,189,191,194,198,201,204,207,210,214,217,220,224,227,229,232,235,237,240,243,246,249,252,255,258,261,263,266,270,273,276,279,282,285,288,291,294,296,299,302,305,307,310,312,315,318,321,324,327,329,331,334,337,340,343,346,348,351,354,357,360,362,365,367,370,373,376,379,382,385,388,391,394,396,399,401,404,407,410,413,416,419,422,425],{"date":169,"score":170,"percentile":171},"2025-11-04",0.04855,0.89044,{"date":173,"score":170,"percentile":174},"2025-11-05",0.89043,{"date":176,"score":170,"percentile":177},"2025-11-06",0.89037,{"date":179,"score":170,"percentile":180},"2025-11-07",0.89045,{"date":182,"score":170,"percentile":183},"2025-11-08",0.89047,{"date":185,"score":170,"percentile":180},"2025-11-09",{"date":187,"score":170,"percentile":188},"2025-11-10",0.89041,{"date":190,"score":170,"percentile":174},"2025-11-11",{"date":192,"score":170,"percentile":193},"2025-11-12",0.8905,{"date":195,"score":196,"percentile":197},"2025-11-13",0.04203,0.88239,{"date":199,"score":196,"percentile":200},"2025-11-14",0.88243,{"date":202,"score":170,"percentile":203},"2025-11-15",0.89054,{"date":205,"score":170,"percentile":206},"2025-11-16",0.89057,{"date":208,"score":170,"percentile":209},"2025-11-17",0.89055,{"date":211,"score":212,"percentile":213},"2025-11-18",0.02027,0.82332,{"date":215,"score":212,"percentile":216},"2025-11-19",0.82334,{"date":218,"score":212,"percentile":219},"2025-11-20",0.82338,{"date":221,"score":222,"percentile":223},"2025-11-21",0.04982,0.89212,{"date":225,"score":222,"percentile":226},"2025-11-22",0.89213,{"date":228,"score":222,"percentile":223},"2025-11-23",{"date":230,"score":222,"percentile":231},"2025-11-24",0.89214,{"date":233,"score":222,"percentile":234},"2025-11-25",0.89217,{"date":236,"score":222,"percentile":231},"2025-11-26",{"date":238,"score":222,"percentile":239},"2025-11-27",0.89216,{"date":241,"score":222,"percentile":242},"2025-11-28",0.89208,{"date":244,"score":222,"percentile":245},"2025-11-29",0.89277,{"date":247,"score":222,"percentile":248},"2025-11-30",0.89274,{"date":250,"score":222,"percentile":251},"2025-12-01",0.89334,{"date":253,"score":222,"percentile":254},"2025-12-02",0.89337,{"date":256,"score":170,"percentile":257},"2025-12-03",0.89193,{"date":259,"score":170,"percentile":260},"2025-12-04",0.89133,{"date":262,"score":170,"percentile":260},"2025-12-05",{"date":264,"score":170,"percentile":265},"2025-12-06",0.89131,{"date":267,"score":268,"percentile":269},"2025-12-07",0.03842,0.87753,{"date":271,"score":268,"percentile":272},"2025-12-08",0.87754,{"date":274,"score":268,"percentile":275},"2025-12-09",0.87768,{"date":277,"score":170,"percentile":278},"2025-12-10",0.89153,{"date":280,"score":170,"percentile":281},"2025-12-11",0.89156,{"date":283,"score":170,"percentile":284},"2025-12-12",0.89161,{"date":286,"score":170,"percentile":287},"2025-12-13",0.89162,{"date":289,"score":170,"percentile":290},"2025-12-14",0.89163,{"date":292,"score":170,"percentile":293},"2025-12-15",0.89165,{"date":295,"score":170,"percentile":293},"2025-12-16",{"date":297,"score":170,"percentile":298},"2025-12-17",0.89169,{"date":300,"score":170,"percentile":301},"2025-12-18",0.89174,{"date":303,"score":170,"percentile":304},"2025-12-19",0.89175,{"date":306,"score":170,"percentile":301},"2025-12-20",{"date":308,"score":170,"percentile":309},"2025-12-21",0.89183,{"date":311,"score":170,"percentile":309},"2025-12-22",{"date":313,"score":170,"percentile":314},"2025-12-23",0.89184,{"date":316,"score":170,"percentile":317},"2025-12-24",0.89191,{"date":319,"score":170,"percentile":320},"2025-12-25",0.89202,{"date":322,"score":170,"percentile":323},"2025-12-26",0.892,{"date":325,"score":170,"percentile":326},"2025-12-27",0.8925,{"date":328,"score":170,"percentile":257},"2025-12-28",{"date":330,"score":170,"percentile":317},"2025-12-29",{"date":332,"score":170,"percentile":333},"2025-12-30",0.89197,{"date":335,"score":170,"percentile":336},"2025-12-31",0.89205,{"date":338,"score":170,"percentile":339},"2026-01-01",0.89276,{"date":341,"score":170,"percentile":342},"2026-01-02",0.89271,{"date":344,"score":170,"percentile":345},"2026-01-03",0.8927,{"date":347,"score":170,"percentile":336},"2026-01-04",{"date":349,"score":170,"percentile":350},"2026-01-05",0.89204,{"date":352,"score":268,"percentile":353},"2026-01-06",0.87826,{"date":355,"score":268,"percentile":356},"2026-01-07",0.87828,{"date":358,"score":268,"percentile":359},"2026-01-08",0.87833,{"date":361,"score":268,"percentile":359},"2026-01-09",{"date":363,"score":268,"percentile":364},"2026-01-10",0.87834,{"date":366,"score":268,"percentile":353},"2026-01-11",{"date":368,"score":268,"percentile":369},"2026-01-12",0.87825,{"date":371,"score":268,"percentile":372},"2026-01-13",0.87823,{"date":374,"score":268,"percentile":375},"2026-01-14",0.87837,{"date":377,"score":268,"percentile":378},"2026-01-15",0.87839,{"date":380,"score":268,"percentile":381},"2026-01-16",0.87843,{"date":383,"score":170,"percentile":384},"2026-01-17",0.89234,{"date":386,"score":170,"percentile":387},"2026-01-18",0.89232,{"date":389,"score":170,"percentile":390},"2026-01-19",0.89227,{"date":392,"score":170,"percentile":393},"2026-01-20",0.89231,{"date":395,"score":170,"percentile":384},"2026-01-21",{"date":397,"score":170,"percentile":398},"2026-01-22",0.89238,{"date":400,"score":170,"percentile":326},"2026-01-23",{"date":402,"score":170,"percentile":403},"2026-01-24",0.89257,{"date":405,"score":170,"percentile":406},"2026-01-25",0.89259,{"date":408,"score":170,"percentile":409},"2026-01-26",0.89256,{"date":411,"score":170,"percentile":412},"2026-01-27",0.89255,{"date":414,"score":170,"percentile":415},"2026-01-28",0.8926,{"date":417,"score":170,"percentile":418},"2026-01-29",0.89263,{"date":420,"score":170,"percentile":421},"2026-01-30",0.89264,{"date":423,"score":170,"percentile":424},"2026-01-31",0.89262,{"date":426,"score":170,"percentile":427},"2026-02-01",0.89328,[429,433,438],{"source":129,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":430,"cvss_v4_0":9},{"baseScore":127,"baseSeverity":431,"vectorString":130,"impactScore":432,"exploitabilityScore":127},"CRITICAL",9.7,{"source":135,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":434,"cvss_v4_0":9},{"baseScore":435,"baseSeverity":431,"vectorString":436,"impactScore":437,"exploitabilityScore":127},9.1,"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",8.7,{"source":136,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":439,"cvss_v4_0":9},{"baseScore":127,"baseSeverity":9,"vectorString":130,"impactScore":432,"exploitabilityScore":127},[441,454,460],{"ecosystem":442,"name":443,"vendor":444,"product":445,"cpe_part":9,"purl_type":446,"purl_namespace":444,"purl_name":445,"source":9,"versions":447},"Go","github.com/moby/buildkit","github.com/moby","buildkit","golang",[448],{"version":449,"is_range":450,"range_type":451,"version_start":9,"version_start_type":9,"version_end":452,"version_end_type":453,"fixed_in":9},"lt0_12_5",true,"semver","0.12.5","excluding",{"ecosystem":9,"name":445,"vendor":455,"product":445,"cpe_part":456,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":457},"moby","a",[458],{"version":459,"is_range":450,"range_type":129,"version_start":9,"version_start_type":9,"version_end":452,"version_end_type":453,"fixed_in":9},"\u003C 0.12.5",{"ecosystem":9,"name":445,"vendor":461,"product":445,"cpe_part":456,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":462},"mobyproject",[463],{"version":464,"is_range":450,"range_type":465,"version_start":9,"version_start_type":9,"version_end":452,"version_end_type":453,"fixed_in":9},"lt0.12.5","cpe"]