org.apache.mesos:mesos@1.7.1-rc1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.mesos:mesos package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Out-of-bounds

org.apache.mesos:mesos is a The Apache Mesos Java API jar.

Affected versions of this package are vulnerable to Out-of-bounds. When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.

How to fix Out-of-bounds?

Upgrade org.apache.mesos:mesos to version 1.7.1, 1.6.2, 1.5.2, 1.4.3 or higher.

[1.7.0,1.7.1) [1.6.0,1.6.2) [1.5.0,1.5.2) [,1.4.3)