2 matches found
au.com.skytix:mesos-scheduler-client (>=1.0.11 <=1.0.15), au.com.skytix:velocity-scheduler (>=1.0.34 <=1.0.40) +44 more potentially affected by CVE-2018-11793 via org.apache.mesos:mesos (>=0.9.0-incubating <=1.4.2)
org.apache.mesos:mesos MAVEN version =0.9.0-incubating, =1.0.11, =1.0.34, =2.1.7, =2.1.7, =2.2.0, =2.2.0, =0.0.3, =2.1.2, =2.1.2, =0.18.0, =0.1.3, =0.1.3, =0.18.0, =0.18.0, =1.5.0 and more Source cves: CVE-2018-11793 Source advisory: OSV:GHSA-P2XQ-VCM7-XJJ6...
CVE-2018-11793
Apache Mesos is affected in versions pre-1.4.x and specific 1.4.x/1.5.x/1.6.x/1.7.0 branches. The issue is an unbounded recursion during parsing of deeply nested JSON payloads, which can overflow the stack and cause a denial of service/crash of Mesos masters. The impact is DoS rendering the clust...