Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.mesos/mesos@1.4.0-rc3

Type maven

Namespace org.apache.mesos

Name mesos

Version 1.4.0-rc3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.7.2

Latest_non_vulnerable_version 1.8.1

Affected_by_vulnerabilities

url VCID-7g2y-bp57-qfg6

vulnerability_id VCID-7g2y-bp57-qfg6

summary

Information Exposure
Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). In Apache Mesos, the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timing attack.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8023.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8023.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-8023

reference_id

reference_type

scores

value	0.00783
scoring_system	epss
scoring_elements	0.74132
published_at	2026-06-05T12:55:00Z

value	0.00783
scoring_system	epss
scoring_elements	0.74099
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-8023

reference_url

https://github.com/advisories/GHSA-c8cc-p3j7-4c7f

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-c8cc-p3j7-4c7f

reference_url

https://lists.apache.org/thread.html/9b9d3f6bd09f3ebd2284b82077033bdc71da550a1c4c010c2494acc3@%3Cdev.mesos.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/9b9d3f6bd09f3ebd2284b82077033bdc71da550a1c4c010c2494acc3@%3Cdev.mesos.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r0dd7ff197b2e3bdd80a0326587ca3d0c22e10d1dba17c769d6da7d7a@%3Cuser.flink.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r0dd7ff197b2e3bdd80a0326587ca3d0c22e10d1dba17c769d6da7d7a@%3Cuser.flink.apache.org%3E

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1632810
reference_id	1632810
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1632810

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-8023

reference_id

CVE-2018-8023

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-8023

fixed_packages

url pkg:maven/org.apache.mesos/mesos@1.4.2

purl pkg:maven/org.apache.mesos/mesos@1.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-c5db-5znh-pqdq

vulnerability	VCID-d7b8-quba-e3cv

vulnerability	VCID-fc69-rzjb-cqf6

vulnerability	VCID-tgpj-4n6x-fqf4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.mesos/mesos@1.4.2

url pkg:maven/org.apache.mesos/mesos@1.5.2

purl pkg:maven/org.apache.mesos/mesos@1.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fc69-rzjb-cqf6

vulnerability	VCID-tgpj-4n6x-fqf4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.mesos/mesos@1.5.2

url pkg:maven/org.apache.mesos/mesos@1.6.1

purl pkg:maven/org.apache.mesos/mesos@1.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d7b8-quba-e3cv

vulnerability	VCID-fc69-rzjb-cqf6

vulnerability	VCID-tgpj-4n6x-fqf4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.mesos/mesos@1.6.1

aliases CVE-2018-8023, GHSA-c8cc-p3j7-4c7f

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7g2y-bp57-qfg6

url VCID-d7b8-quba-e3cv

vulnerability_id VCID-d7b8-quba-e3cv

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos might overflow the stack due to unbounded recursion.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11793.json

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11793.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11793

reference_id

reference_type

scores

value	0.04871
scoring_system	epss
scoring_elements	0.89755
published_at	2026-06-05T12:55:00Z

value	0.04871
scoring_system	epss
scoring_elements	0.89739
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11793

reference_url

https://github.com/advisories/GHSA-p2xq-vcm7-xjj6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-p2xq-vcm7-xjj6

reference_url

https://lists.apache.org/thread.html/9be975c53e5ad612c7e0af39f5b88837fbfbc32108e587d3d8499844@%3Cdev.mesos.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/9be975c53e5ad612c7e0af39f5b88837fbfbc32108e587d3d8499844@%3Cdev.mesos.apache.org%3E

reference_url

http://www.securityfocus.com/bid/107281

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/107281

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1687364
reference_id	1687364
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1687364

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11793

reference_id

CVE-2018-11793

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11793

fixed_packages

url pkg:maven/org.apache.mesos/mesos@1.4.3

purl pkg:maven/org.apache.mesos/mesos@1.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-c5db-5znh-pqdq

vulnerability	VCID-d7b8-quba-e3cv

vulnerability	VCID-tgpj-4n6x-fqf4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.mesos/mesos@1.4.3

url pkg:maven/org.apache.mesos/mesos@1.5.2

purl pkg:maven/org.apache.mesos/mesos@1.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fc69-rzjb-cqf6

vulnerability	VCID-tgpj-4n6x-fqf4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.mesos/mesos@1.5.2

url pkg:maven/org.apache.mesos/mesos@1.6.2

purl pkg:maven/org.apache.mesos/mesos@1.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tgpj-4n6x-fqf4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.mesos/mesos@1.6.2

url pkg:maven/org.apache.mesos/mesos@1.7.1-rc1

purl pkg:maven/org.apache.mesos/mesos@1.7.1-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d7b8-quba-e3cv

vulnerability	VCID-fc69-rzjb-cqf6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.mesos/mesos@1.7.1-rc1

url pkg:maven/org.apache.mesos/mesos@1.7.1

purl pkg:maven/org.apache.mesos/mesos@1.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fc69-rzjb-cqf6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.mesos/mesos@1.7.1

url	pkg:maven/org.apache.mesos/mesos@1.8.1
purl	pkg:maven/org.apache.mesos/mesos@1.8.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.mesos/mesos@1.8.1

aliases CVE-2018-11793, GHSA-p2xq-vcm7-xjj6

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d7b8-quba-e3cv

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.mesos/mesos@1.4.0-rc3

Package Instance