Application security news, updated daily (if there is any news to share).
Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly, send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.
GitHub advisory for BuildKit reports a High path traversal enabling untrusted custom frontends to write files outside the build state directory in versions prior to `0.28.1`.
Socket reports Trivy Docker Hub tags 0.69.5 and 0.69.6 were pushed without GitHub releases and contain TeamPCP infostealer indicators, impacting pipelines that pull `aquasec/trivy` by tag.