org.apache.mesos:mesos (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.mesos:mesos, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2019-0204 — CVSS 7.8 (high): A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the…
CVE-2017-7687 — CVSS 7.5 (high): When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2…
CVE-2017-9790 — CVSS 7.5 (high): When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before…
CVE-2018-11793 — CVSS 7.5 (high): When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to…
CVE-2018-1330 — CVSS 7.5 (high): When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing…
CVE-2018-8023 — CVSS 5.9 (medium): Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). In Apache Mesos versions…