4 matches found
au.com.skytix:mesos-scheduler-client (>=1.0.11 <=1.0.15), au.com.skytix:velocity-scheduler (>=1.0.34 <=1.0.40) +40 more potentially affected by CVE-2017-9790 via org.apache.mesos:mesos (>=0.9.0-incubating <=1.1.2)
org.apache.mesos:mesos MAVEN version =0.9.0-incubating, =1.0.11, =1.0.34, =2.1.7, =2.1.7, =2.2.0, =2.2.0, =2.1.2, =2.1.2, =0.18.0, =0.1.3, =0.1.3, =0.18.0, =0.18.0, =0.18.0, =0.1.0, =0.2.0 and more Source cves: CVE-2017-9790 Source advisory: OSV:GHSA-VPCV-78CP-WHR3...
com.adobe.api.platform.runtime:mesos (=0.0.2), com.adobe.api.platform.runtime:mesos-actor (>=0.0.3 <=0.0.9) potentially affected by CVE-2017-9790 via org.apache.mesos:mesos (=1.2.1)
org.apache.mesos:mesos MAVEN version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.mesos:mesos and may be impacted: - com.adobe.api.platform.runtime:mesos =0.0.2 - com.adobe.api.platform.runtime:mesos-actor =0.0.3, =0.0.9 Source cve...
CVE-2017-9790
When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore...
CVE-2017-9790
CVE-2017-9790 affects Apache Mesos’ libprocess: when handling a libprocess message wrapped in an HTTP request, the parser assumes the request path always starts with '/' and crashes if the path is empty. This can cause a denial of service on Mesos masters, rendering the Mesos-controlled cluster i...