Tag
A malicious BuildKit frontend can craft API messages that write files outside the BuildKit state directory, leading to file escape, fixed in v0.28.1+ and requires using an untrusted frontend with `#syntax` or `--build-arg BUILDKIT_SYNTAX`.