A malicious BuildKit frontend or Dockerfile using RUN --mount
could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system.
The issue has been fixed in v0.12.5
Avoid using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing RUN --mount
feature.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
3.9
3.9
-
3.9
-
-
1.0
CGA-2cv7-75q6-cvrq
-
CGA-4v29-m22x-5m58
-
CGA-7vxc-hp2w-725j
-
CGA-7wr2-gxv6-5g96
-
CGA-9rhv-6x5x-p3wh
-
CGA-cf38-mj9p-m2h7
-
CGA-hqhv-f77r-cq7c
-
CGA-jh3p-vg64-hm2m
-
CGA-m737-5xv8-m883
-
CGA-mp67-g995-65f4
-
CGA-rpw2-9v92-4g7f
-
CGA-wgv3-9hrx-gj3g
-
CGA-x5pw-xwxw-p7jx
-