Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.mesos/mesos@1.4.2
purl pkg:maven/org.apache.mesos/mesos@1.4.2
Next non-vulnerable version 1.7.2
Latest non-vulnerable version 1.8.1
Risk 10.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-32mt-mbwm-bbca
Aliases:
CVE-2019-0204
GHSA-32w9-2qpc-5f9v
Improper Input Validation A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos. A malicious actor can therefore gain root-level code execution on the host.
1.4.3
Affected by 3 other vulnerabilities.
1.5.3
Affected by 1 other vulnerability.
1.6.2
Affected by 1 other vulnerability.
1.7.2
Affected by 0 other vulnerabilities.
1.8.1
Affected by 0 other vulnerabilities.
VCID-7juj-78y7-g7b6
Aliases:
CVE-2019-5736
Containment Errors (Container Errors) runc allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to `/proc/self/exe`.
1.7.1-rc1
Affected by 2 other vulnerabilities.
1.7.1
Affected by 1 other vulnerability.
VCID-httt-y1jd-1few
Aliases:
CVE-2018-1330
GHSA-95q3-pppp-r683
Improper Input Validation When parsing a malformed JSON payload, libprocess in Apache Mesos crashes due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash because of the mistakenly planted assertion.
1.5.2
Affected by 2 other vulnerabilities.
1.6.0
Affected by 5 other vulnerabilities.
1.6.1
Affected by 3 other vulnerabilities.
VCID-t39q-ds43-9kee
Aliases:
CVE-2018-11793
GHSA-p2xq-vcm7-xjj6
Improper Restriction of Operations within the Bounds of a Memory Buffer When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos might overflow the stack due to unbounded recursion.
1.4.3
Affected by 3 other vulnerabilities.
1.5.2
Affected by 2 other vulnerabilities.
1.6.2
Affected by 1 other vulnerability.
1.7.1-rc1
Affected by 2 other vulnerabilities.
1.7.1
Affected by 1 other vulnerability.
1.8.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-1uq6-h79y-v3gs Information Exposure Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). In Apache Mesos, the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timing attack. CVE-2018-8023
GHSA-c8cc-p3j7-4c7f

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T20:53:00.999755+00:00 GitLab Importer Affected by VCID-32mt-mbwm-bbca https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2019-0204.yml 38.4.0
2026-04-16T20:52:39.008484+00:00 GitLab Importer Affected by VCID-t39q-ds43-9kee https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2018-11793.yml 38.4.0
2026-04-16T20:51:41.933179+00:00 GitLab Importer Affected by VCID-7juj-78y7-g7b6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2019-5736.yml 38.4.0
2026-04-16T20:47:45.065264+00:00 GitLab Importer Fixing VCID-1uq6-h79y-v3gs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2018-8023.yml 38.4.0
2026-04-16T20:47:31.226610+00:00 GitLab Importer Affected by VCID-httt-y1jd-1few https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2018-1330.yml 38.4.0
2026-04-16T01:28:02.931047+00:00 GHSA Importer Affected by VCID-t39q-ds43-9kee https://github.com/advisories/GHSA-p2xq-vcm7-xjj6 38.4.0
2026-04-16T01:25:08.347230+00:00 GHSA Importer Fixing VCID-1uq6-h79y-v3gs https://github.com/advisories/GHSA-c8cc-p3j7-4c7f 38.4.0
2026-04-11T22:03:50.848479+00:00 GitLab Importer Affected by VCID-32mt-mbwm-bbca https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2019-0204.yml 38.3.0
2026-04-11T22:03:27.542155+00:00 GitLab Importer Affected by VCID-t39q-ds43-9kee https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2018-11793.yml 38.3.0
2026-04-11T22:02:27.672717+00:00 GitLab Importer Affected by VCID-7juj-78y7-g7b6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2019-5736.yml 38.3.0
2026-04-11T21:58:38.259228+00:00 GitLab Importer Fixing VCID-1uq6-h79y-v3gs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2018-8023.yml 38.3.0
2026-04-11T21:58:23.584637+00:00 GitLab Importer Affected by VCID-httt-y1jd-1few https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2018-1330.yml 38.3.0
2026-04-11T12:57:20.631133+00:00 GHSA Importer Affected by VCID-t39q-ds43-9kee https://github.com/advisories/GHSA-p2xq-vcm7-xjj6 38.3.0
2026-04-11T12:54:27.008494+00:00 GHSA Importer Fixing VCID-1uq6-h79y-v3gs https://github.com/advisories/GHSA-c8cc-p3j7-4c7f 38.3.0
2026-04-02T22:16:50.726235+00:00 GitLab Importer Affected by VCID-32mt-mbwm-bbca https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2019-0204.yml 38.1.0
2026-04-02T22:16:29.004264+00:00 GitLab Importer Affected by VCID-t39q-ds43-9kee https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2018-11793.yml 38.1.0
2026-04-02T22:15:31.904959+00:00 GitLab Importer Affected by VCID-7juj-78y7-g7b6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2019-5736.yml 38.1.0
2026-04-02T22:11:57.187998+00:00 GitLab Importer Fixing VCID-1uq6-h79y-v3gs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2018-8023.yml 38.1.0
2026-04-02T22:11:43.196490+00:00 GitLab Importer Affected by VCID-httt-y1jd-1few https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2018-1330.yml 38.1.0
2026-04-02T13:49:43.498804+00:00 GHSA Importer Affected by VCID-t39q-ds43-9kee https://github.com/advisories/GHSA-p2xq-vcm7-xjj6 38.1.0
2026-04-02T13:47:04.528386+00:00 GHSA Importer Fixing VCID-1uq6-h79y-v3gs https://github.com/advisories/GHSA-c8cc-p3j7-4c7f 38.1.0
2026-04-01T16:34:28.063754+00:00 GitLab Importer Affected by VCID-32mt-mbwm-bbca https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2019-0204.yml 38.0.0
2026-04-01T16:34:04.801473+00:00 GitLab Importer Affected by VCID-t39q-ds43-9kee https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2018-11793.yml 38.0.0
2026-04-01T16:33:00.259026+00:00 GitLab Importer Affected by VCID-7juj-78y7-g7b6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2019-5736.yml 38.0.0
2026-04-01T16:29:05.095537+00:00 GitLab Importer Affected by VCID-httt-y1jd-1few https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2018-1330.yml 38.0.0
2026-04-01T15:56:58.196274+00:00 GHSA Importer Fixing VCID-1uq6-h79y-v3gs https://github.com/advisories/GHSA-c8cc-p3j7-4c7f 38.0.0
2026-04-01T13:03:29.452231+00:00 GithubOSV Importer Fixing VCID-1uq6-h79y-v3gs https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-c8cc-p3j7-4c7f/GHSA-c8cc-p3j7-4c7f.json 38.0.0
2026-04-01T12:47:58.502614+00:00 GitLab Importer Fixing VCID-1uq6-h79y-v3gs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2018-8023.yml 38.0.0