High severity7.5NVD Advisory· Published Mar 5, 2019· Updated Jun 17, 2026
CVE-2018-11793
CVE-2018-11793
Description
When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.mesos:mesosMaven | < 1.4.3 | 1.4.3 |
org.apache.mesos:mesosMaven | >= 1.5.0, < 1.5.2 | 1.5.2 |
org.apache.mesos:mesosMaven | >= 1.6.0, < 1.6.2 | 1.6.2 |
org.apache.mesos:mesosMaven | >= 1.7.0, < 1.7.1 | 1.7.1 |
Affected products
2- Apache Software Foundation/Apache Mesosv5Range: Apache Mesos pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, 1.7.0
Patches
Vulnerability mechanics
References
5- www.securityfocus.com/bid/107281nvdThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-p2xq-vcm7-xjj6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-11793ghsaADVISORY
- lists.apache.org/thread.html/9be975c53e5ad612c7e0af39f5b88837fbfbc32108e587d3d8499844@%3Cdev.mesos.apache.org%3EghsaWEB
- lists.apache.org/thread.html/9be975c53e5ad612c7e0af39f5b88837fbfbc32108e587d3d8499844%40%3Cdev.mesos.apache.org%3Envd
News mentions
0No linked articles in our index yet.