org.apache.mesos:mesos@0.26.1-rc4 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.mesos:mesos package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Improper Data Handling

org.apache.mesos:mesos is a The Apache Mesos Java API jar.

Affected versions of this package are vulnerable to Improper Data Handling. When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code accidentally calls inappropriate function. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.

How to fix Improper Data Handling?

Upgrade org.apache.mesos:mesos to version 1.1.3-rc1, 1.2.2-rc1, 1.3.1-rc1 or higher.

[,1.1.3-rc1) [1.2.0,1.2.2-rc1) [1.3.0,1.3.1-rc1)
  • H
Improper Data Handling

org.apache.mesos:mesos is a The Apache Mesos Java API jar.

Affected versions of this package are vulnerable to Improper Data Handling. When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.

How to fix Improper Data Handling?

Upgrade org.apache.mesos:mesos to version 1.1.3-rc1, 1.2.2-rc1, 1.3.1-rc1 or higher.

[,1.1.3-rc1) [1.2.0,1.2.2-rc1) [1.3.0,1.3.1-rc1)
  • H
Out-of-bounds

org.apache.mesos:mesos is a The Apache Mesos Java API jar.

Affected versions of this package are vulnerable to Out-of-bounds. When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.

How to fix Out-of-bounds?

Upgrade org.apache.mesos:mesos to version 1.7.1, 1.6.2, 1.5.2, 1.4.3 or higher.

[1.7.0,1.7.1) [1.6.0,1.6.2) [1.5.0,1.5.2) [,1.4.3)