Vulnerabilities > Apache > Mesos > 0.22.2

DATE CVE VULNERABILITY TITLE RISK
2018-09-21 CVE-2018-8023 Information Exposure vulnerability in Apache Mesos
Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT).
network
high complexity
apache CWE-200
5.9
5.9
2017-09-29 CVE-2017-9790 Use After Free vulnerability in Apache Mesos
When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'.
network
low complexity
apache CWE-416
7.5
7.5
2017-09-29 CVE-2017-7687 Unspecified vulnerability in Apache Mesos
When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code accidentally calls inappropriate function.
network
low complexity
apache
7.5
7.5