CVE-2018-1330
HIGH7.5EPSS 2.1%Crash when decoding malformed HTTP requests or malformed JSON payload
發布日:2022/5/14修改日:2023/11/8
描述
When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash too because of the mistakenly planted assertion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.
受影響套件(1)
- Maven/org.apache.mesos:mesos>= 1.4.0, < 1.6.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |