Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.mesos/mesos@1.6.0
Type maven
Namespace org.apache.mesos
Name mesos
Version 1.6.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.6.1
Latest_non_vulnerable_version 1.8.1
Affected_by_vulnerabilities
0
url VCID-7g2y-bp57-qfg6
vulnerability_id VCID-7g2y-bp57-qfg6
summary
Information Exposure
Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). In Apache Mesos, the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timing attack.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8023
reference_id CVE-2018-8023
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-8023
fixed_packages
0
url pkg:maven/org.apache.mesos/mesos@1.6.1
purl pkg:maven/org.apache.mesos/mesos@1.6.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.mesos/mesos@1.6.1
aliases CVE-2018-8023
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7g2y-bp57-qfg6
1
url VCID-c5db-5znh-pqdq
vulnerability_id VCID-c5db-5znh-pqdq
summary
Improper Input Validation
When parsing a malformed JSON payload, libprocess in Apache Mesos crashes due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash because of the mistakenly planted assertion.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1330
reference_id CVE-2018-1330
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1330
fixed_packages
0
url pkg:maven/org.apache.mesos/mesos@1.6.1
purl pkg:maven/org.apache.mesos/mesos@1.6.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.mesos/mesos@1.6.1
aliases CVE-2018-1330
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c5db-5znh-pqdq
2
url VCID-d7b8-quba-e3cv
vulnerability_id VCID-d7b8-quba-e3cv
summary
Improper Restriction of Operations within the Bounds of a Memory Buffer
When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos might overflow the stack due to unbounded recursion.
references
0
reference_url http://www.securityfocus.com/bid/107281
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/107281
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11793
reference_id CVE-2018-11793
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-11793
fixed_packages
0
url pkg:maven/org.apache.mesos/mesos@1.6.2
purl pkg:maven/org.apache.mesos/mesos@1.6.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.mesos/mesos@1.6.2
1
url pkg:maven/org.apache.mesos/mesos@1.7.1
purl pkg:maven/org.apache.mesos/mesos@1.7.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.mesos/mesos@1.7.1
2
url pkg:maven/org.apache.mesos/mesos@1.8.1
purl pkg:maven/org.apache.mesos/mesos@1.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.mesos/mesos@1.8.1
aliases CVE-2018-11793
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d7b8-quba-e3cv
3
url VCID-fc69-rzjb-cqf6
vulnerability_id VCID-fc69-rzjb-cqf6
summary
Improper Input Validation
A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos. A malicious actor can therefore gain root-level code execution on the host.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-0204
reference_id CVE-2019-0204
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-0204
fixed_packages
0
url pkg:maven/org.apache.mesos/mesos@1.6.2
purl pkg:maven/org.apache.mesos/mesos@1.6.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.mesos/mesos@1.6.2
1
url pkg:maven/org.apache.mesos/mesos@1.7.2
purl pkg:maven/org.apache.mesos/mesos@1.7.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.mesos/mesos@1.7.2
2
url pkg:maven/org.apache.mesos/mesos@1.8.1
purl pkg:maven/org.apache.mesos/mesos@1.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.mesos/mesos@1.8.1
aliases CVE-2019-0204
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fc69-rzjb-cqf6
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.mesos/mesos@1.6.0