VulnerableCode Package Details - pkg:maven/org.apache.mesos/mesos@1.4.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-7juj-78y7-g7b6 Aliases: CVE-2019-5736	Containment Errors (Container Errors) runc allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to `/proc/self/exe`.	1.7.1-rc1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.7.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-httt-y1jd-1few Aliases: CVE-2018-1330 GHSA-95q3-pppp-r683	Improper Input Validation When parsing a malformed JSON payload, libprocess in Apache Mesos crashes due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash because of the mistakenly planted assertion.	1.5.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.6.0 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.6.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-t39q-ds43-9kee Aliases: CVE-2018-11793 GHSA-p2xq-vcm7-xjj6	Improper Restriction of Operations within the Bounds of a Memory Buffer When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos might overflow the stack due to unbounded recursion.	1.5.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.6.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.7.1-rc1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.7.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.8.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-7juj-78y7-g7b6
Aliases:
CVE-2019-5736

Containment Errors (Container Errors) runc allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to `/proc/self/exe`.

1.7.1-rc1
Affected by 2 other vulnerabilities.

1.7.1
Affected by 1 other vulnerability.

VCID-httt-y1jd-1few
Aliases:
CVE-2018-1330
GHSA-95q3-pppp-r683

Improper Input Validation When parsing a malformed JSON payload, libprocess in Apache Mesos crashes due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash because of the mistakenly planted assertion.

1.5.2
Affected by 2 other vulnerabilities.

1.6.0
Affected by 5 other vulnerabilities.

1.6.1
Affected by 3 other vulnerabilities.

VCID-t39q-ds43-9kee
Aliases:
CVE-2018-11793
GHSA-p2xq-vcm7-xjj6

Improper Restriction of Operations within the Bounds of a Memory Buffer When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos might overflow the stack due to unbounded recursion.

1.5.2
Affected by 2 other vulnerabilities.

1.6.2
Affected by 1 other vulnerability.

1.7.1-rc1
Affected by 2 other vulnerabilities.

1.7.1
Affected by 1 other vulnerability.

1.8.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-32mt-mbwm-bbca	Improper Input Validation A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos. A malicious actor can therefore gain root-level code execution on the host.	CVE-2019-0204 GHSA-32w9-2qpc-5f9v
VCID-t39q-ds43-9kee	Improper Restriction of Operations within the Bounds of a Memory Buffer When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos might overflow the stack due to unbounded recursion.	CVE-2018-11793 GHSA-p2xq-vcm7-xjj6

Vulnerability

Summary

Aliases

VCID-32mt-mbwm-bbca

Improper Input Validation A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos. A malicious actor can therefore gain root-level code execution on the host.

CVE-2019-0204
GHSA-32w9-2qpc-5f9v

VCID-t39q-ds43-9kee

CVE-2018-11793
GHSA-p2xq-vcm7-xjj6

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T20:53:01.002990+00:00	GitLab Importer	Fixing	VCID-32mt-mbwm-bbca	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2019-0204.yml	38.4.0
2026-04-16T20:52:39.011787+00:00	GitLab Importer	Affected by	VCID-t39q-ds43-9kee	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2018-11793.yml	38.4.0
2026-04-16T20:51:41.936430+00:00	GitLab Importer	Affected by	VCID-7juj-78y7-g7b6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2019-5736.yml	38.4.0
2026-04-16T20:47:31.229995+00:00	GitLab Importer	Affected by	VCID-httt-y1jd-1few	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2018-1330.yml	38.4.0
2026-04-16T01:28:02.934868+00:00	GHSA Importer	Fixing	VCID-t39q-ds43-9kee	https://github.com/advisories/GHSA-p2xq-vcm7-xjj6	38.4.0
2026-04-11T22:03:50.852029+00:00	GitLab Importer	Fixing	VCID-32mt-mbwm-bbca	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2019-0204.yml	38.3.0
2026-04-11T22:03:27.546112+00:00	GitLab Importer	Affected by	VCID-t39q-ds43-9kee	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2018-11793.yml	38.3.0
2026-04-11T22:02:27.676479+00:00	GitLab Importer	Affected by	VCID-7juj-78y7-g7b6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2019-5736.yml	38.3.0
2026-04-11T21:58:23.590915+00:00	GitLab Importer	Affected by	VCID-httt-y1jd-1few	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2018-1330.yml	38.3.0
2026-04-11T12:57:20.635063+00:00	GHSA Importer	Fixing	VCID-t39q-ds43-9kee	https://github.com/advisories/GHSA-p2xq-vcm7-xjj6	38.3.0
2026-04-02T22:16:50.729493+00:00	GitLab Importer	Fixing	VCID-32mt-mbwm-bbca	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2019-0204.yml	38.1.0
2026-04-02T22:16:29.007598+00:00	GitLab Importer	Affected by	VCID-t39q-ds43-9kee	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2018-11793.yml	38.1.0
2026-04-02T22:15:31.908237+00:00	GitLab Importer	Affected by	VCID-7juj-78y7-g7b6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2019-5736.yml	38.1.0
2026-04-02T22:11:43.199798+00:00	GitLab Importer	Affected by	VCID-httt-y1jd-1few	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2018-1330.yml	38.1.0
2026-04-02T13:49:43.501933+00:00	GHSA Importer	Fixing	VCID-t39q-ds43-9kee	https://github.com/advisories/GHSA-p2xq-vcm7-xjj6	38.1.0
2026-04-01T16:34:04.805214+00:00	GitLab Importer	Affected by	VCID-t39q-ds43-9kee	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2018-11793.yml	38.0.0
2026-04-01T16:33:00.262750+00:00	GitLab Importer	Affected by	VCID-7juj-78y7-g7b6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2019-5736.yml	38.0.0
2026-04-01T16:29:05.099331+00:00	GitLab Importer	Affected by	VCID-httt-y1jd-1few	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2018-1330.yml	38.0.0
2026-04-01T16:00:52.156987+00:00	GHSA Importer	Fixing	VCID-32mt-mbwm-bbca	https://github.com/advisories/GHSA-32w9-2qpc-5f9v	38.0.0
2026-04-01T15:57:21.236309+00:00	GHSA Importer	Fixing	VCID-t39q-ds43-9kee	https://github.com/advisories/GHSA-p2xq-vcm7-xjj6	38.0.0
2026-04-01T13:09:43.203981+00:00	GithubOSV Importer	Fixing	VCID-32mt-mbwm-bbca	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-32w9-2qpc-5f9v/GHSA-32w9-2qpc-5f9v.json	38.0.0
2026-04-01T13:04:30.189917+00:00	GithubOSV Importer	Fixing	VCID-t39q-ds43-9kee	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/03/GHSA-p2xq-vcm7-xjj6/GHSA-p2xq-vcm7-xjj6.json	38.0.0
2026-04-01T12:48:22.230538+00:00	GitLab Importer	Fixing	VCID-32mt-mbwm-bbca	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.mesos/mesos/CVE-2019-0204.yml	38.0.0