<p>Upgrade <code>org.apache.mesos:mesos</code> to version 1.1.3-rc1, 1.2.2-rc1, 1.3.1-rc1 or higher.</p>

Improper Data Handling Affecting org.apache.mesos:mesos package, versions [,1.1.3-rc1) [1.2.0, 1.2.2-rc1) [1.3.0, 1.3.1-rc1)

Snyk CVSS

Attack Complexity Low

Availability High

Threat Intelligence

EPSS 0.08% (32^nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JAVA-ORGAPACHEMESOS-3094798
published 26 Jan 2022
disclosed 29 Sep 2017
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 29 Sep 2017

CVE-2017-7687 Open this link in a new tab CWE-19 Open this link in a new tab

How to fix?

Upgrade org.apache.mesos:mesos to version 1.1.3-rc1, 1.2.2-rc1, 1.3.1-rc1 or higher.

Overview

org.apache.mesos:mesos is a The Apache Mesos Java API jar.

Affected versions of this package are vulnerable to Improper Data Handling. When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code accidentally calls inappropriate function. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.