org.apache.mesos:mesos 0.26.1 vulnerabilities

Known vulnerabilities in the org.apache.mesos:mesos package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
H Improper Data Handling org.apache.mesos:mesos is a The Apache Mesos Java API jar. Affected versions of this package are vulnerable to Improper Data Handling. When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code accidentally calls inappropriate function. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable. How to fix Improper Data Handling? Upgrade `org.apache.mesos:mesos` to version 1.1.3-rc1, 1.2.2-rc1, 1.3.1-rc1 or higher.	[,1.1.3-rc1)[1.2.0,1.2.2-rc1)[1.3.0,1.3.1-rc1)
H Improper Data Handling org.apache.mesos:mesos is a The Apache Mesos Java API jar. Affected versions of this package are vulnerable to Improper Data Handling. When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable. How to fix Improper Data Handling? Upgrade `org.apache.mesos:mesos` to version 1.1.3-rc1, 1.2.2-rc1, 1.3.1-rc1 or higher.	[,1.1.3-rc1)[1.2.0,1.2.2-rc1)[1.3.0,1.3.1-rc1)
H Out-of-bounds org.apache.mesos:mesos is a The Apache Mesos Java API jar. Affected versions of this package are vulnerable to Out-of-bounds. When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable. How to fix Out-of-bounds? Upgrade `org.apache.mesos:mesos` to version 1.7.1, 1.6.2, 1.5.2, 1.4.3 or higher.	[1.7.0,1.7.1)[1.6.0,1.6.2)[1.5.0,1.5.2)[,1.4.3)

Vulnerability

Vulnerable Version

Improper Data Handling

org.apache.mesos:mesos is a The Apache Mesos Java API jar.

Affected versions of this package are vulnerable to Improper Data Handling. When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code accidentally calls inappropriate function. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.

How to fix Improper Data Handling?

Upgrade org.apache.mesos:mesos to version 1.1.3-rc1, 1.2.2-rc1, 1.3.1-rc1 or higher.

[,1.1.3-rc1)[1.2.0,1.2.2-rc1)[1.3.0,1.3.1-rc1)

Improper Data Handling

org.apache.mesos:mesos is a The Apache Mesos Java API jar.

Affected versions of this package are vulnerable to Improper Data Handling. When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.

How to fix Improper Data Handling?

Upgrade org.apache.mesos:mesos to version 1.1.3-rc1, 1.2.2-rc1, 1.3.1-rc1 or higher.

[,1.1.3-rc1)[1.2.0,1.2.2-rc1)[1.3.0,1.3.1-rc1)

Out-of-bounds

org.apache.mesos:mesos is a The Apache Mesos Java API jar.

Affected versions of this package are vulnerable to Out-of-bounds. When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.

How to fix Out-of-bounds?

Upgrade org.apache.mesos:mesos to version 1.7.1, 1.6.2, 1.5.2, 1.4.3 or higher.

[1.7.0,1.7.1)[1.6.0,1.6.2)[1.5.0,1.5.2)[,1.4.3)

org.apache.mesos:mesos@0.26.1 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?