Improper Data Handling Affecting org.apache.mesos:mesos package, versions [,1.1.3-rc1) [1.2.0, 1.2.2-rc1) [1.3.0, 1.3.1-rc1)
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGAPACHEMESOS-3094798
- published 26 Jan 2022
- disclosed 29 Sep 2017
- credit Unknown
Introduced: 29 Sep 2017
CVE-2017-7687 Open this link in a new tabHow to fix?
Upgrade org.apache.mesos:mesos
to version 1.1.3-rc1, 1.2.2-rc1, 1.3.1-rc1 or higher.
Overview
org.apache.mesos:mesos is a The Apache Mesos Java API jar.
Affected versions of this package are vulnerable to Improper Data Handling. When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code accidentally calls inappropriate function. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.