{"id":3539074,"name":"github.com/openshift/builder","ecosystem":"go","description":"","homepage":"https://github.com/openshift/builder","licenses":"apache-2.0","normalized_licenses":["Apache-2.0"],"repository_url":"https://github.com/openshift/builder","keywords_array":[],"namespace":"github.com/openshift","versions_count":1,"first_release_published_at":"2019-02-16T20:51:07.000Z","latest_release_published_at":"2019-02-16T20:51:07.000Z","latest_release_number":"v4.0.0+incompatible","last_synced_at":"2026-06-02T10:46:25.200Z","created_at":"2022-04-11T00:06:26.943Z","updated_at":"2026-06-02T10:46:25.201Z","registry_url":"https://pkg.go.dev/github.com/openshift/builder","install_command":"go get github.com/openshift/builder","documentation_url":"https://pkg.go.dev/github.com/openshift/builder#section-documentation","metadata":{},"repo_metadata":{"uuid":"148058222","full_name":"openshift/builder","owner":"openshift","description":"The image run by build pods to execute image building+pushing","archived":false,"fork":false,"pushed_at":"2023-02-28T19:32:52.000Z","size":110179,"stargazers_count":29,"open_issues_count":10,"forks_count":49,"subscribers_count":23,"default_branch":"master","last_synced_at":"2023-03-02T19:10:16.884Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"logo_url":null,"metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-09-09T19:23:17.000Z","updated_at":"2023-01-31T17:04:29.000Z","dependencies_parsed_at":"2023-02-16T10:30:53.462Z","dependency_job_id":null,"html_url":"https://github.com/openshift/builder","commit_stats":null,"repository_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fbuilder","tags_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fbuilder/tags","manifests_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fbuilder/manifests","owner_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/openshift","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":108921946,"host_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names"}},"repo_metadata_updated_at":"2023-03-21T18:44:17.484Z","dependent_packages_count":1,"downloads":null,"downloads_period":null,"dependent_repos_count":17,"rankings":{"downloads":null,"dependent_repos_count":1.2926594589415186,"dependent_packages_count":5.811627647002459,"stargazers_count":7.13159626227197,"forks_count":3.535325305822607,"docker_downloads_count":null,"average":4.442802168509639},"purl":"pkg:golang/github.com/openshift/builder","advisories":[{"uuid":"GSA_kwCzR0hTQS1xcXY4LXBoN2YtaDNmN84AA_mB","url":"https://github.com/advisories/GHSA-qqv8-ph7f-h3f7","title":"OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer","description":"A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the \"Docker\" strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-09-17T00:31:06.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.4,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2024-7387","https://access.redhat.com/security/cve/CVE-2024-7387","https://bugzilla.redhat.com/show_bug.cgi?id=2302259","https://github.com/openshift/builder/commit/0b62633adfa2836465202bc851885e078ec888d1","https://pkg.go.dev/vuln/GO-2024-3129","https://access.redhat.com/errata/RHSA-2024:6691","https://access.redhat.com/errata/RHSA-2024:6687","https://access.redhat.com/errata/RHSA-2024:6689","https://access.redhat.com/errata/RHSA-2024:6685","https://access.redhat.com/errata/RHSA-2024:6705","https://access.redhat.com/errata/RHSA-2024:3718","https://stuxxn.github.io/advisory/2024/10/02/openshift-build-docker-priv-esc.html","https://github.com/advisories/GHSA-qqv8-ph7f-h3f7"],"source_kind":"github","identifiers":["GHSA-qqv8-ph7f-h3f7","CVE-2024-7387"],"repository_url":"https://github.com/openshift/builder","blast_radius":7.874873096820953,"created_at":"2024-09-17T19:06:12.759Z","updated_at":"2026-04-05T20:04:18.306Z","epss_percentage":0.00792,"epss_percentile":0.73844,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xcXY4LXBoN2YtaDNmN84AA_mB","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1xcXY4LXBoN2YtaDNmN84AA_mB","packages":[{"ecosystem":"go","package_name":"github.com/openshift/builder","versions":[{"first_patched_version":null,"vulnerable_version_range":"\u003c= 4.0.0"}],"purl":"pkg:go/github.com%2Fopenshift%2Fbuilder"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xcXY4LXBoN2YtaDNmN84AA_mB/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/github.com/openshift/builder","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/go/github.com/openshift/builder","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/github.com/openshift/builder/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2023-08-11T20:43:13.370Z","issues_count":7,"pull_requests_count":104,"avg_time_to_close_issue":17564669.2,"avg_time_to_close_pull_request":2282247.245098039,"issues_closed_count":5,"pull_requests_closed_count":102,"pull_request_authors_count":13,"issue_authors_count":6,"avg_comments_per_issue":4.0,"avg_comments_per_pull_request":22.35576923076923,"merged_pull_requests_count":84,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":3,"past_year_pull_requests_count":47,"past_year_avg_time_to_close_issue":44818.5,"past_year_avg_time_to_close_pull_request":3070053.1555555556,"past_year_issues_closed_count":2,"past_year_pull_requests_closed_count":45,"past_year_pull_request_authors_count":7,"past_year_issue_authors_count":3,"past_year_avg_comments_per_issue":3.0,"past_year_avg_comments_per_pull_request":14.319148936170214,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":2,"past_year_merged_pull_requests_count":40},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fopenshift%2Fbuilder/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fopenshift%2Fbuilder/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fopenshift%2Fbuilder/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fopenshift%2Fbuilder/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fopenshift%2Fbuilder/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fopenshift%2Fbuilder/codemeta","maintainers":[]}