Package details: pkg:maven/org.apache.mesos/mesos@1.4.0-dev
purl pkg:maven/org.apache.mesos/mesos@1.4.0-dev
Tags Ghost
Next non-vulnerable version 1.7.2
Latest non-vulnerable version 1.8.1
Risk 4.0
Vulnerabilities affecting this package (2)
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-669z-7etj-cugk (Aliases: CVE-2017-9790, GHSA-vpcv-78cp-whr3) | Use After Free: When handling a libprocess message wrapped in an HTTP request, `libprocess` in Apache Mesos crashes if the request path is empty, because the parser assumes the request path always starts with `/`. A malicious actor can therefore cause a denial of service of Mesos masters, rendering the Mesos-controlled cluster inoperable. | There are no reported fixed by versions. |
| VCID-dyhh-befu-a3a3 (Aliases: CVE-2017-7687, GHSA-x869-784m-jmj2) | Uncontrolled Resource Consumption: When handling a decoding failure for a malformed URL path of an HTTP request, `libprocess` in Apache Mesos might crash because the code accidentally calls an inappropriate function. A malicious actor can cause a denial of service of Mesos masters, rendering the Mesos-controlled cluster inoperable. | There are no reported fixed by versions. |
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:47:22.464408+00:00 | GitLab Importer | Affected by | VCID-669z-7etj-cugk | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2017-9790.yml | 38.0.0 |
| 2026-04-01T12:47:22.390898+00:00 | GitLab Importer | Affected by | VCID-dyhh-befu-a3a3 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2017-7687.yml | 38.0.0 |