Search for packages
| purl | pkg:maven/org.apache.mesos/mesos@1.7.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-32mt-mbwm-bbca
Aliases: CVE-2019-0204 GHSA-32w9-2qpc-5f9v |
Improper Input Validation A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos. A malicious actor can therefore gain root-level code execution on the host. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-7juj-78y7-g7b6
Aliases: CVE-2019-5736 |
Containment Errors (Container Errors) runc allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to `/proc/self/exe`. |
Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-t39q-ds43-9kee
Aliases: CVE-2018-11793 GHSA-p2xq-vcm7-xjj6 |
Improper Restriction of Operations within the Bounds of a Memory Buffer When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos might overflow the stack due to unbounded recursion. |
Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||