Improper Input Validation Affecting org.apache.mesos:mesos package, versions [1.4.0,1.4.2) [1.5.0,1.5.1)
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGAPACHEMESOS-3096797
- published 26 Jan 2022
- disclosed 13 Sep 2018
- credit Unknown
Introduced: 13 Sep 2018
CVE-2018-1330 Open this link in a new tabHow to fix?
Upgrade org.apache.mesos:mesos
to version 1.4.2, 1.5.1 or higher.
Overview
org.apache.mesos:mesos is a The Apache Mesos Java API jar.
Affected versions of this package are vulnerable to Improper Input Validation. When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash too because of the mistakenly planted assertion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.